No. I'm sure they are trying to recover from this week's activities and rarely have time to follow this list anyway. It would likely be Alain Zidouemba the sig team lead.
To get feedback on FP's you would need to subscribe to the clamav-virusdb list and it often takes weeks under normal circumstances. The main contributor here is Joel Esler, Manager, Talos Group.

Sent from Janet's iPad

-Al-

On Mar 17, 2016, at 1:09 PM, "Jason J. W. Williams" <jasonjwwilli...@gmail.com> wrote:

> Does anyone that's chimed in work on the signatures team?
>
> -J
>
> On Thu, Mar 17, 2016 at 10:31 AM, Al Varnell <alvarn...@mac.com> wrote:
>
>> There have not been any additional updates released yet, so nothing could have changed.
>>
>> -Al-
>>
>> On Thu, Mar 17, 2016 at 10:25 AM, Jason Williams wrote:
>>>
>>> Is anyone still seeing this or have they fixed it?
>>>
>>> -J
>>>
>>> Sent via iPhone
>>>
>>>> On Mar 17, 2016, at 02:44, Mark Allan <markjal...@gmail.com> wrote:
>>>>
>>>> Just to confirm, I'm also seeing everything being flagged as Win.Trojan.Trojan-476 with the new main/daily.cvd files.
>>>>
>>>> Mark
>>>>
>>>>> On 17 Mar 2016, at 6:49 am, Al Varnell <alvarn...@mac.com> wrote:
>>>>>
>>>>> I just ran a scan against the ClamAV test files contained in the 0.99.1 source file and I’m getting all Win.Trojan.Trojan-476:
>>>>>
>>>>> File Name    Infection Name    Status
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/unit_tests/clam-phish-exe    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.cab    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.exe    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.zip    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.arj    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.exe.rtf    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.exe.szdd    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.tar.gz    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.chm    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.sis    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-aspack.exe    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-pespin.exe    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-upx.exe    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-fsg.exe    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-mew.exe    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-nsis.exe    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-petite.exe    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-upack.exe    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-wwpack.exe    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.pdf    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.mail    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.ppt    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.tnef    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.ea05.exe    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.ea06.exe    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.d64.zip    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.exe.mbox.base64    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.exe.mbox.uu    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.exe.binhex    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.ole.doc    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.impl.zip    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.exe.html    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.bin-be.cpio    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.bin-le.cpio    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.newc.cpio    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.odc.cpio    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-yc.exe    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam_IScab_int.exe    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam_IScab_ext.exe    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam_ISmsi_int.exe    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam_ISmsi_ext.exe    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.7z    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam_cache_emax.tgz    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.iso    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clamjol.iso    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-v2.rar    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-v3.rar    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.exe.bz2    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.bz2.zip    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/.split/split.clam_IScab_int.exeaa    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/.split/split.clam.isoaa    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/.split/split.clam_IScab_ext.exeaa    Win.Trojan.Trojan-476
>>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/.split/split.clamjol.isoaa    Win.Trojan.Trojan-476
>>>>>
>>>>> -Al-
>>>>>
>>>>>> On Wed, Mar 16, 2016 at 10:46 PM, Jason Williams wrote:
>>>>>>
>>>>>> Hey Al,
>>>>>>
>>>>>> I submitted a FP report with one attached. Just put the EICAR string into a txt file and that'll trigger it.
>>>>>>
>>>>>> -J
>>>>>>
>>>>>> Sent via iPhone
>>>>>>
>>>>>>> On Mar 16, 2016, at 22:16, Al Varnell <alvarn...@mac.com> wrote:
>>>>>>>
>>>>>>> I don’t know why sanesecurity-porcupine.ndb is causing this, but I can now see that the signatures for Win.Test.EICAR_LDB-1 and Win.Trojan.Trojan-605 are identical, so this is an FP situation which would be reported.
>>>>>>> <http://clamav-du.securesites.net/cgi-bin/clamgrok?virus=Win.Test.EICAR_LDB-1&search-type=contains&case-sensitivity=No&database=daily&database=main&display=database&display=virus&display=signature&.submit=Submit&.cgifields=database&.cgifields=search-type&.cgifields=case-sensitivity&.cgifields=display>
>>>>>>>
>>>>>>> However, I’m not sure where to find a copy of a Win.Test.EICAR_LDB-1 file to submit.
>>>>>>>
>>>>>>> -Al-
>>>>>>>
>>>>>>>> On Wed, Mar 16, 2016 at 09:44 PM, Jason J. W. Williams wrote:
>>>>>>>>
>>>>>>>> Culprit seems to be sanesecurity-porcupine.ndb (http://sanesecurity.com/usage/signatures/). Moving it out causes Win.Test.EICAR_NDB-1 FOUND to be found, moving it back in triggers the Win.Trojan.Trojan-605 FP.
>>>>>>>> Since the Win.Trojan.Trojan sig isn't in the DB I'm not sure why that is.
>>>>>>>>
>>>>>>>> -J
>>>>>>>>
>>>>>>>>> On Wed, Mar 16, 2016 at 9:38 PM, Al Varnell <alvarn...@mac.com> wrote:
>>>>>>>>>
>>>>>>>>> Disregard, I found it here after they got the new main.cvd:
>>>>>>>>> <http://clamav-du.securesites.net/cgi-bin/clamgrok?virus=Win.Trojan.Trojan-605&search-type=contains&case-sensitivity=No&database=daily&database=main&display=database&display=virus&display=signature&.submit=Submit&.cgifields=database&.cgifields=search-type&.cgifields=case-sensitivity&.cgifields=display>
>>>>>>>>>
>>>>>>>>> I’ll see what I get once my main.cvd finishes.
>>>>>>>>>
>>>>>>>>> -Al-
>>>>>>>>>
>>>>>>>>>> On Wed, Mar 16, 2016 at 09:32 PM, Al Varnell wrote:
>>>>>>>>>>
>>>>>>>>>> I’m still looking, but so far I can’t find any Win.Trojan.Trojan signatures in the ClamAV Official database or listed in clamav-virusdb e-mail list.
>>>>>>>>>>
>>>>>>>>>> Nor can I confirm your results using my own EICAR.
>>>>>>>>>>
>>>>>>>>>> Are you using any Unofficial signatures from a different source?
>>>>>>>>>>
>>>>>>>>>> -Al-
>>>>>>>>>>
>>>>>>>>>>> On Wed, Mar 16, 2016 at 09:06 PM, Jason J. W. Williams wrote:
>>>>>>>>>>>
>>>>>>>>>>> Pulled down 21466 (and force restarted clamd) but it's still classifying EICAR as Win.Trojan.Trojan:
>>>>>>>>>>>
>>>>>>>>>>> https://gist.github.com/williamsjj/b8104402e80f44475df5
>>>>>>>>>>>
>>>>>>>>>>> Databases are up to date now:
>>>>>>>>>>> main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
>>>>>>>>>>> Empty script daily-21465.cdiff, need to download entire database
>>>>>>>>>>> Downloading daily.cvd [100%]
>>>>>>>>>>> daily.cvd updated (version: 21466, sigs: 83889, f-level: 63, builder: amishhammer)
>>>>>>>>>>> Empty script bytecode-275.cdiff, need to download entire database
>>>>>>>>>>> Downloading bytecode.cvd [100%]
>>>>>>>>>>> bytecode.cvd updated (version: 275, sigs: 45, f-level: 63, builder: amishhammer)
>>>>>>>>>>> Database updated (4302724 signatures) from db.local.clamav.net (IP: 193.1.193.64)
>>>>>>>>>>>
>>>>>>>>>>>> On Wed, Mar 16, 2016 at 9:00 PM, Al Varnell <alvarn...@mac.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> Those are normal messages for an update of this kind. The 21465.cdiff was purposely blank in order to force you to download the entire daily.cvd. Give it plenty of time as the main.cvd is 109MB.
>>>>>>>>>>>>
>>>>>>>>>>>> Technical details: <http://blog.clamav.net/2016/03/clamav-signature-interface-maintenance.html>
>>>>>>>>>>>>
>>>>>>>>>>>> -Al-
>>>>>>>>>>>>
>>>>>>>>>>>>> On Wed, Mar 16, 2016 at 08:56 PM, Jason J. W. Williams wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks. Hopefully it'll sync up soon. I'm getting weird download errors out of freshclam:
>>>>>>>>>>>>>
>>>>>>>>>>>>> WARNING: getfile: Error while reading database from db.local.clamav.net (IP: 200.236.31.1): Operation now in progress
>>>>>>>>>>>>> WARNING: getpatch: Can't download daily-21465.cdiff from db.local.clamav.net
>>>>>>>>>>>>> nonblock_recv: recv timing out (30 secs)
>>>>>>>>>>>>> WARNING: getfile: Error while reading database from db.local.clamav.net (IP: 194.186.47.19): Operation now in progress
>>>>>>>>>>>>> WARNING: getpatch: Can't download daily-21465.cdiff from db.local.clamav.net
>>>>>>>>>>>>> Empty script daily-21465.cdiff, need to download entire database
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Wed, Mar 16, 2016 at 8:54 PM, Al Varnell <alvarn...@mac.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> The new database was just made available, so I recommend you hold off until you have the new main.cvd v57 and daily.cvd v21466 before getting too excited about this.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> -Al-
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Wed, Mar 16, 2016 at 08:49 PM, Jason J. W. Williams wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> As of the latest daily update, running ClamAV against the EICAR test string reports Win.Trojan.Trojan-605 instead of Eicar-Test-Signature.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> -J
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Help us build a comprehensive ClamAV guide:
>>>>>>>>> https://github.com/vrtadmin/clamav-faq
>>>>>>>>>
>>>>>>>>> http://www.clamav.net/contact.html#ml
>>>>>>>
>>>>>>> -Al-
>>>>>>> --
>>>>>>> Al Varnell
>>>>>>> Mountain View, CA
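
Added example, not part of the original thread and not ClamAV project code: the thread traces the mislabelled detection to two differently named signatures with identical bodies, and this sketch shows one way to find such collisions across extended-format (`.ndb`) databases once they are unpacked to text (for instance with `sigtool --unpack`). The database contents, signature names and hex bodies below are constructed placeholders, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample lines in the extended signature (.ndb) layout:
#   Name:TargetType:Offset:HexSignature[:MinFL[:MaxFL]]
# Names and hex bodies are placeholders, not real ClamAV signatures.
SAMPLE_DBS = {
    "daily.ndb": [
        "Example.Test.A-1:0:0:aabbccdd00112233",
        "Example.Other.C-1:1:*:deadbeef{4-8}cafef00d",
    ],
    "main.ndb": [
        "Example.Trojan.B-1:0:0:AABBCCDD00112233:51",
        "malformed line without enough fields",
        "",
    ],
}

def parse_ndb_line(line):
    """Return (name, target, offset, hexsig) or None if the line is not a signature."""
    fields = line.strip().split(":")
    if len(fields) < 4:
        return None
    name, target, offset, hexsig = fields[:4]
    # Hex bodies are case-insensitive, so normalise before comparing.
    return name, target, offset, hexsig.lower()

def find_collisions(dbs):
    """Map (target, offset, body) -> [(name, db), ...] where 2+ distinct names share it."""
    groups = defaultdict(set)
    for db_name, lines in dbs.items():
        for line in lines:
            parsed = parse_ndb_line(line)
            if parsed is None:
                continue
            name, target, offset, hexsig = parsed
            groups[(target, offset, hexsig)].add((name, db_name))
    return {
        key: sorted(owners)
        for key, owners in groups.items()
        if len({name for name, _ in owners}) > 1  # same name in two DBs is not a collision
    }

if __name__ == "__main__":
    for (target, offset, body), owners in find_collisions(SAMPLE_DBS).items():
        print(f"target={target} offset={offset} body={body[:16]}...")
        for name, db_name in owners:
            print(f"  {name}  ({db_name})")
```

When two names share one body, which name a scan reports depends on load order and on which database files are present, so a collision list like this is useful evidence to attach to a false-positive report.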