Hi Joel,

Appreciate you chiming in. For what it's worth, I can confirm David Shrimpton's suggestion of adding Vbs.Downloader.Generic-6431223-0 to local.ign2 stops the problem.
-J

On Fri, Jan 26, 2018 at 7:38 AM, Joel Esler (jesler) <jes...@cisco.com> wrote:

> There are a bunch of threads going on, so I am going to try and address most of them with this email, sorry if I leave anything out.
>
> There are reports of exploits against 0.99.2 in the wild. Heise reports on that (in German, can't find an English source right now): https://heise.de/-3951801
>
> Not that I have seen. Maybe I'm wrong and maybe one of my coworkers here at Cisco knows something that I don't, but all of the referenced CVEs in my blog post here: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html were disclosed to us responsibly by the folks from Offensive Research at Salesforce.com. We appreciate their work, and it helps tremendously.
>
> Reading through the thread, it doesn't appear that ClamAV has fixed the signatures yet (as of 24257), or am I wrong?
>
> We are currently reviewing the issue to see if we can isolate the cause and work out a fix. This is an "All Hands on Deck" situation (https://en.oxforddictionaries.com/definition/all_hands_on_deck) here. We apologize for any issues, and we'll do a post mortem analysis once we fix it to figure out what went wrong and what we can do to remedy this in the future.
>
> ClamAV QA team: In future, please run new signatures against a clamd process a few thousand times to check for possible resource leakage.
>
> Thank you for your suggestion. We have had some transition in personnel in the last several months on the ClamAV team, as well as further augmenting our QA resources. I'm not making excuses, I'm just trying to let you all know the reality we've faced. We want to change the model of ClamAV to be even more open source and develop more in a "Bazaar" method. More on this over time.
>
> Re: Mail loops
>
> which f**g idiot is responsible for that?
>
> Unfortunately Reindl, from what you reported, and your eloquent description, I'm not sure what the issue is. I'm not seeing that issue on my side.
>
> On 26.01.2018 at 15:40, Joel Esler (jesler) wrote:
>
> As previously mentioned, if you downloaded the beta version of ClamAV 0.99.3, you will need to completely uninstall it and do a fresh install with the production version of 0.99.3 as there are significant code differences
>
> when I read something like this in 2018 my brain ends with a bluescreen
>
> This is something we debated for a couple weeks here internally and we found this to be the best solution. We were stuck between a rock and a hard place. Trust me, this is not the user experience I want for our users either, but we were faced with a tough choice, and replacing the 0.99.3 beta with a completely different codebase was the one we found to be the best path forward without upsetting even more people.
>
> --
> Joel Esler | Talos: Manager | jes...@cisco.com
>
> _______________________________________________
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml