That's unfortunate. Given the magnitude of the change I would've expected them to be very attentive to the list, post deployment.
-J

On Thu, Mar 17, 2016 at 1:23 PM, Al Varnell <alvarn...@mac.com> wrote:
> No. I'm sure they are trying to recover from this week's activities and
> rarely have time to follow this list anyway. It would likely be Alain
> Zidouemba the sig team lead.
>
> To get feedback on FP's you would need to subscribe to the clamav-virusdb
> list and it often takes weeks under normal circumstances.
>
> The main contributor here is Joel Esler, Manager, Talos Group.
>
> Sent from Janet's iPad
>
> -Al-
>
> On Mar 17, 2016, at 1:09 PM, "Jason J. W. Williams" <jasonjwwilli...@gmail.com> wrote:
> > Does anyone that's chimed in work on the signatures team?
> >
> > -J
> >
> > On Thu, Mar 17, 2016 at 10:31 AM, Al Varnell <alvarn...@mac.com> wrote:
> >
> >> There have not been any additional updates released yet, so nothing could
> >> have changed.
> >>
> >> -Al-
> >>
> >> On Thu, Mar 17, 2016 at 10:25 AM, Jason Williams wrote:
> >>>
> >>> Is anyone still seeing this or have they fixed it?
> >>>
> >>> -J
> >>>
> >>> Sent via iPhone
> >>>
> >>>> On Mar 17, 2016, at 02:44, Mark Allan <markjal...@gmail.com> wrote:
> >>>>
> >>>> Just to confirm, I'm also seeing everything being flagged as Win.Trojan.Trojan-476 with the new main/daily.cvd files.
> >>>>
> >>>> Mark
> >>>>
> >>>>> On 17 Mar 2016, at 6:49 am, Al Varnell <alvarn...@mac.com> wrote:
> >>>>>
> >>>>> I just ran a scan against the ClamAV test files contained in the 0.99.1 source file and I’m getting all Win.Trojan.Trojan-476:
> >>>>>
> >>>>> File Name  Infection Name  Status
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/unit_tests/clam-phish-exe  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.cab  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.exe  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.zip  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.arj  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.exe.rtf  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.exe.szdd  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.tar.gz  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.chm  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.sis  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-aspack.exe  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-pespin.exe  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-upx.exe  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-fsg.exe  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-mew.exe  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-nsis.exe  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-petite.exe  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-upack.exe  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-wwpack.exe  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.pdf  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.mail  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.ppt  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.tnef  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.ea05.exe  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.ea06.exe  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.d64.zip  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.exe.mbox.base64  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.exe.mbox.uu  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.exe.binhex  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.ole.doc  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.impl.zip  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.exe.html  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.bin-be.cpio  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.bin-le.cpio  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.newc.cpio  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.odc.cpio  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-yc.exe  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam_IScab_int.exe  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam_IScab_ext.exe  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam_ISmsi_int.exe  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam_ISmsi_ext.exe  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.7z  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam_cache_emax.tgz  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.iso  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clamjol.iso  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-v2.rar  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-v3.rar  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.exe.bz2  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.bz2.zip  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/.split/split.clam_IScab_int.exeaa  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/.split/split.clam.isoaa  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/.split/split.clam_IScab_ext.exeaa  Win.Trojan.Trojan-476
> >>>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/.split/split.clamjol.isoaa  Win.Trojan.Trojan-476
> >>>>>
> >>>>> -Al-
> >>>>>
> >>>>>> On Wed, Mar 16, 2016 at 10:46 PM, Jason Williams wrote:
> >>>>>>
> >>>>>> Hey Al,
> >>>>>>
> >>>>>> I submitted a FP report with one attached. Just put the EICAR string into a txt file and that'll trigger it.
> >>>>>>
> >>>>>> -J
> >>>>>>
> >>>>>> Sent via iPhone
> >>>>>>
> >>>>>>> On Mar 16, 2016, at 22:16, Al Varnell <alvarn...@mac.com> wrote:
> >>>>>>>
> >>>>>>> I don’t know why sanesecurity-porcupine.ndb is causing this, but I can now see that the signatures for Win.Test.EICAR_LDB-1 and Win.Trojan.Trojan-605 are identical, so this is an FP situation which would be reported.
> >>>>>>> <http://clamav-du.securesites.net/cgi-bin/clamgrok?virus=Win.Test.EICAR_LDB-1&search-type=contains&case-sensitivity=No&database=daily&database=main&display=database&display=virus&display=signature&.submit=Submit&.cgifields=database&.cgifields=search-type&.cgifields=case-sensitivity&.cgifields=display>
> >>>>>>>
> >>>>>>> However, I’m not sure where to find a copy of a Win.Test.EICAR_LDB-1 file to submit.
> >>>>>>>
> >>>>>>> -Al-
> >>>>>>>
> >>>>>>>> On Wed, Mar 16, 2016 at 09:44 PM, Jason J. W. Williams wrote:
> >>>>>>>>
> >>>>>>>> Culprit seems to be sanesecurity-porcupine.ndb (http://sanesecurity.com/usage/signatures/). Moving it out causes Win.Test.EICAR_NDB-1 FOUND to be found, moving it back in triggers the Win.Trojan.Trojan-605 FP.
> >>>>>>>> Since the Win.Trojan.Trojan sig isn't in the DB I'm not sure why that is.
> >>>>>>>>
> >>>>>>>> -J
> >>>>>>>>
> >>>>>>>>> On Wed, Mar 16, 2016 at 9:38 PM, Al Varnell <alvarn...@mac.com> wrote:
> >>>>>>>>>
> >>>>>>>>> Disregard, I found it here after they got the new main.cvd:
> >>>>>>>>> <http://clamav-du.securesites.net/cgi-bin/clamgrok?virus=Win.Trojan.Trojan-605&search-type=contains&case-sensitivity=No&database=daily&database=main&display=database&display=virus&display=signature&.submit=Submit&.cgifields=database&.cgifields=search-type&.cgifields=case-sensitivity&.cgifields=display>
> >>>>>>>>>
> >>>>>>>>> I’ll see what I get once my main.cvd finishes.
> >>>>>>>>>
> >>>>>>>>> -Al-
> >>>>>>>>>
> >>>>>>>>>> On Wed, Mar 16, 2016 at 09:32 PM, Al Varnell wrote:
> >>>>>>>>>>
> >>>>>>>>>> I’m still looking, but so far I can’t find any Win.Trojan.Trojan signatures in the ClamAV Official database or listed in clamav-virusdb e-mail list.
> >>>>>>>>>>
> >>>>>>>>>> Nor can I confirm your results using my own EICAR.
> >>>>>>>>>>
> >>>>>>>>>> Are you using any Unofficial signatures from a different source?
> >>>>>>>>>>
> >>>>>>>>>> -Al-
> >>>>>>>>>>
> >>>>>>>>>>> On Wed, Mar 16, 2016 at 09:06 PM, Jason J. W. Williams wrote:
> >>>>>>>>>>>
> >>>>>>>>>>> Pulled down 21466 (and force restarted clamd) but it's still classifying EICAR as Win.Trojan.Trojan:
> >>>>>>>>>>>
> >>>>>>>>>>> https://gist.github.com/williamsjj/b8104402e80f44475df5
> >>>>>>>>>>>
> >>>>>>>>>>> Databases are up to date now:
> >>>>>>>>>>> main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
> >>>>>>>>>>> Empty script daily-21465.cdiff, need to download entire database
> >>>>>>>>>>> Downloading daily.cvd [100%]
> >>>>>>>>>>> daily.cvd updated (version: 21466, sigs: 83889, f-level: 63, builder: amishhammer)
> >>>>>>>>>>> Empty script bytecode-275.cdiff, need to download entire database
> >>>>>>>>>>> Downloading bytecode.cvd [100%]
> >>>>>>>>>>> bytecode.cvd updated (version: 275, sigs: 45, f-level: 63, builder: amishhammer)
> >>>>>>>>>>> Database updated (4302724 signatures) from db.local.clamav.net (IP: 193.1.193.64)
> >>>>>>>>>>>
> >>>>>>>>>>>> On Wed, Mar 16, 2016 at 9:00 PM, Al Varnell <alvarn...@mac.com> wrote:
> >>>>>>>>>>>>
> >>>>>>>>>>>> Those are normal messages for an update of this kind. The 21465.cdiff was purposely blank in order to force you to download the entire daily.cvd.
> >>>>>>>>>>>> Give it plenty of time as the main.cvd is 109MB.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Technical details: <http://blog.clamav.net/2016/03/clamav-signature-interface-maintenance.html>
> >>>>>>>>>>>>
> >>>>>>>>>>>> -Al-
> >>>>>>>>>>>>
> >>>>>>>>>>>>> On Wed, Mar 16, 2016 at 08:56 PM, Jason J. W. Williams wrote:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Thanks. Hopefully it'll sync up soon. I'm getting weird download errors out of freshclam:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> WARNING: getfile: Error while reading database from db.local.clamav.net (IP: 200.236.31.1): Operation now in progress
> >>>>>>>>>>>>> WARNING: getpatch: Can't download daily-21465.cdiff from db.local.clamav.net
> >>>>>>>>>>>>> nonblock_recv: recv timing out (30 secs)
> >>>>>>>>>>>>> WARNING: getfile: Error while reading database from db.local.clamav.net (IP: 194.186.47.19): Operation now in progress
> >>>>>>>>>>>>> WARNING: getpatch: Can't download daily-21465.cdiff from db.local.clamav.net
> >>>>>>>>>>>>> Empty script daily-21465.cdiff, need to download entire database
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> On Wed, Mar 16, 2016 at 8:54 PM, Al Varnell <alvarn...@mac.com> wrote:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>> The new database was just made available, so I recommend you hold off until you have the new main.cvd v57 and daily.cvd v21466 before getting too excited about this.
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> -Al-
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> On Wed, Mar 16, 2016 at 08:49 PM, Jason J. W. Williams wrote:
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> As of the latest daily update, running ClamAV against the EICAR test string reports Win.Trojan.Trojan-605 instead of Eicar-Test-Signature.
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> -J
> >>>>>>>>>
> >>>>>>>>> _______________________________________________
> >>>>>>>>> Help us build a comprehensive ClamAV guide:
> >>>>>>>>> https://github.com/vrtadmin/clamav-faq
> >>>>>>>>>
> >>>>>>>>> http://www.clamav.net/contact.html#ml
> >>>>>>>
> >>>>>>> -Al-
> >>>>>>> --
> >>>>>>> Al Varnell
> >>>>>>> Mountain View, CA
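
Added example (not part of the thread and not ClamAV project code): one way to run the check Al describes, where two differently named signatures carry an identical body, across several loaded databases at once. It assumes the `.ndb` record layout `MalwareName:TargetType:Offset:HexSignature[:MinFL[:MaxFL]]`; the signature names are the ones quoted in the thread, while the file names and hex bodies below are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample databases: names are from the thread, the hex pattern is
# a placeholder built from ASCII text, not a real ClamAV signature body.
PATTERN = b"constructed-test-pattern".hex()
SAMPLE_DBS = {
    "daily.ndb": [
        f"Win.Test.EICAR_NDB-1:0:0:{PATTERN}",
        "Example.Unrelated-1:1:*:deadbeef00112233",
    ],
    "main.ndb": [
        f"Win.Trojan.Trojan-605:0:0:{PATTERN.upper()}:51:255",
        "# lines starting with '#' and blank lines are skipped",
        "",
    ],
}


def parse_ndb_line(line):
    """Return (name, body_key) for one .ndb record, or None if not a record.

    The optional functionality-level fields are ignored so that two records
    differing only in f-level still compare equal.
    """
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split(":")
    if len(fields) < 4 or not fields[0]:
        return None
    name, target, offset, hexsig = fields[:4]
    return name, (target, offset, hexsig.lower())


def find_shared_bodies(dbs):
    """Map each body carried under more than one name to its (name, db) owners."""
    owners = defaultdict(set)
    for db_name, lines in dbs.items():
        for line in lines:
            parsed = parse_ndb_line(line)
            if parsed:
                name, key = parsed
                owners[key].add((name, db_name))
    return {
        key: sorted(found)
        for key, found in owners.items()
        if len({name for name, _ in found}) > 1
    }


if __name__ == "__main__":
    for (target, offset, _), found in find_shared_bodies(SAMPLE_DBS).items():
        print(f"target={target} offset={offset} shared by:")
        for name, db_name in found:
            print(f"  {name}  ({db_name})")
```

Run against the unpacked official databases plus any third-party `.ndb` files, a non-empty result tells you which names can shadow each other for the same sample before you start moving files in and out of the database directory.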