Yessir: # sigtool -u /var/lib/clamav/daily.cld
# grep -i 'Win.Trojan.Trojan-605' daily.ign main:42:Win.Trojan.Trojan-605 On Tue, May 17, 2016 at 1:25 PM, Alain Zidouemba <azidoue...@sourcefire.com> wrote: > $ sigtool -u /usr/local/share/clamav/daily.cld > > $ grep -i 'Win.Trojan.Trojan-605' daily.ign > main:42:Win.Trojan.Trojan-605 > > > Same on your end? > > - Alain > > On Tue, May 17, 2016 at 4:22 PM, Jason J. W. Williams < > jasonjwwilli...@gmail.com> wrote: > > > We do. > > > > -J > > > > On Tue, May 17, 2016 at 1:13 PM, Alain Zidouemba < > > azidoue...@sourcefire.com> > > wrote: > > > > > Jason: > > > > > > Do you have all both main.cvd and daily.cvd? Win.Trojan.Trojan-605 was > > > dropped several weeks ago, but would only be reflected in your > > installation > > > if you have both main.cvd and daily.cvd. Please confirm. > > > > > > Thanks, > > > > > > - Alain > > > > > > > > > > > > On Tue, May 17, 2016 at 4:11 PM, Jason J. W. Williams < > > > jasonjwwilli...@gmail.com> wrote: > > > > > > > No ClamAV 0.98.7. > > > > > > > > -J > > > > > > > > On Mon, May 16, 2016 at 11:25 PM, Al Varnell <alvarn...@mac.com> > > wrote: > > > > > > > > > I’m unable to replicate your findings: > > > > > > > > > > ~/Downloads/2016-05-16/eicar.txt: Eicar-Test-Signature FOUND > > > > > > > > > > Taking a look at the current daily.cld I see entries in both ignore > > > > > sections: > > > > > > > > > > daily.ign > > > > > 1374 > > > > > 002516 > > > > > > > > > > > > > > > > > > > > > > > > > fake:1:Dont_remove_this_line > > > > > ... > > > > > main:42:Win.Trojan.Trojan-605 > > > > > > > > > > > > > > > > > > > > > > > > > daily.ign2 > > > > > > > > > > 1072 002573 > > > > > > > > > > > > > > > > > > > > > > > > > fake_dont_remove_this_line > > > > > ... > > > > > Win.Trojan.Trojan-605 > > > > > > > > > > I wonder if it’s engine specific? Are you using 0.99.x > > > > > > > > > > -Al- > > > > > > > > > > On Mon, May 16, 2016 at 01:45 PM, Jason J. W. Williams wrote: > > > > > > > > > > > > Looks like EICAR is getting classified as Win.Trojan.Trojan-605 > > again > > > > > > (daily 21557). > > > > > > > > > > > > https://gist.github.com/williamsjj/b8104402e80f44475df5 > > > > > > > > > > > > -J > > > > > > > > > > > > On Wed, Mar 16, 2016 at 8:54 PM, Al Varnell <alvarn...@mac.com> > > > wrote: > > > > > > > > > > > >> The new database was just made available, so I recommend you > hold > > > off > > > > > >> until you have the new mail.cvd v57 and daily.cvd v21466 before > > > > getting > > > > > too > > > > > >> excited about this. > > > > > >> > > > > > >> -Al- > > > > > >> > > > > > >> On Wed, Mar 16, 2016 at 08:49 PM, Jason J. W. Williams wrote: > > > > > >>> > > > > > >>> As of the latest daily update, running ClamAV against the EICAR > > > test > > > > > >>> string > > > > > >>> reports Win.Trojan.Trojan-605 instead of Eicar-Test-Signature. > > > > > >>> > > > > > >>> -J > > > > > > > > > > _______________________________________________ > > > > > Help us build a comprehensive ClamAV guide: > > > > > https://github.com/vrtadmin/clamav-faq > > > > > > > > > > http://www.clamav.net/contact.html#ml > > > > > > > > > _______________________________________________ > > > > Help us build a comprehensive ClamAV guide: > > > > https://github.com/vrtadmin/clamav-faq > > > > > > > > http://www.clamav.net/contact.html#ml > > > > > > > _______________________________________________ > > > Help us build a comprehensive ClamAV guide: > > > https://github.com/vrtadmin/clamav-faq > > > > > > http://www.clamav.net/contact.html#ml > > > > > _______________________________________________ > > Help us build a comprehensive ClamAV guide: > > https://github.com/vrtadmin/clamav-faq > > > > http://www.clamav.net/contact.html#ml > > > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
