[Clamav-users] Ubuntu package and Clamuko
Hello,

I'm using Ubuntu 9.04 and the clamav-0.95.2 package. When I set "ClamukoScanOnAccess yes" and "ClamukoScanOnOpen yes" in clamd.conf, the daemon logs this message:

Clamuko is not available.

Is there another package to install?

regards,
Fred
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] DHL invoices
On 2009-09-24 01:02, Jari Fredriksson wrote:
>> I am a tad confused about your reporting comment as the
>> clamav web reporting mechanism works fine at least for me
>> and you can also report via virustotal as well.
>>
>> Anyway glad you're happy with your config.
>>
>> Tom
>>
>> btw it's winnow as in to remove the wheat from the chaff
>> and has nothing to do with Microsoft or Windows per se.
>>
>
> Seems to work. I just got this:
>
> --
> A virus was found: W32/Downldr3.GW
>
> Banned name: .exe,.exe-ms,open.exe
> Scanners detecting a virus: F-PROT Antivirus for UNIX, BitDefender
>
> Content type: Virus
> Internal reference code for the message is 13583-14/VsfAsW0VCfpo
>
> --
>
> I sent it to ClamAV website and it said thanks.
>
> As I have told, I have three scanners online, F-Prot, BitDefender and ClamAV
> vanilla. If ClamAV does not catch it, I want to help and report.
>
> This went thru. The one this thread is all about did not.
>

Does ClamAV detect it if you run clamscan --detect-pua=yes sample.zip?

Best regards,
--Edwin

Re: [Clamav-users] DHL invoices
>> Seems to work. I just got this:
>>
>> --
>> A virus was found: W32/Downldr3.GW
>>
>> Banned name: .exe,.exe-ms,open.exe
>> Scanners detecting a virus: F-PROT Antivirus for UNIX, BitDefender
>>
>> Content type: Virus
>> Internal reference code for the message is 13583-14/VsfAsW0VCfpo
>>
>> --
>>
>> I sent it to ClamAV website and it said thanks.
>>
>> As I have told, I have three scanners online, F-Prot,
>> BitDefender and ClamAV vanilla. If ClamAV does not catch
>> it, I want to help and report.
>>
>> This went thru. The one this thread is all about did not.
>>
>
> Does ClamAV detect it if you run clamscan
> --detect-pua=yes sample.zip?
>

clamav NOW detects that even without pua, things updated.

But the older DHL-invoices. No. Not even with detect-pua=yes.

Re: [Clamav-users] DHL invoices
Hello Jari,

> clamav NOW detects that even without pua, things updated.
> But the older DHL-invoices. No. Not even with detect-pua=yes.

what does the form answer you when you try to submit it?
It should reject it with a message.

That message can help us to track down the issue.

Best regards

--
Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit
[Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it
PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg

Re: [Clamav-users] DHL invoices
> Hello Jari,
>
>> clamav NOW detects that even without pua, things updated.
>> But the older DHL-invoices. No. Not even with
>> detect-pua=yes.
>
> what does the form answer you when you try to submit it?
> It should reject it with a message.
>
> That message can help us to track down the issue.
>
> Best regards

It says ClamAV already detects the posted sample, and lists the latest version tags.

It claims to have detected it, but my copy (Debian volatile) with latest versions does not.

Re: [Clamav-users] DHL invoices
On 2009-09-24 16:01, Jari Fredriksson wrote:
>> Hello Jari,
>>
>>> clamav NOW detects that even without pua, things updated.
>>> But the older DHL-invoices. No. Not even with
>>> detect-pua=yes.
>>>
>> what does the form answer you when you try to submit it?
>> It should reject it with a message.
>>
>> That message can help us to track down the issue.
>>
>> Best regards
>>
>
> It says ClamAV already detects the posted sample, and lists the latest
> version tags.
>

What is the exact message? (copy+paste please)

Best regards,
--Edwin

Re: [Clamav-users] DHL invoices
Hello Jari,

> >> clamav NOW detects that even without pua, things updated.
> >> But the older DHL-invoices. No. Not even with
> >> detect-pua=yes.
> > what does the form answer you when you try to submit it?
> > It should reject it with a message.
> > That message can help us to track down the issue.
> It says ClamAV already detects the posted sample, and lists the latest
> version tags.
> It claims to have detected it, but my copy (Debian volatile) with latest
> versions does not.

Yeah, we already know that. Can you please cut&paste the full message returned by the form? Thanks,

Best regards

--
Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit
[Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it
PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg

Re: [Clamav-users] DHL invoices
> Yeah, we already know that. Can you please cut&paste the full message
> returned by the form? Thanks,

Hi Luca,

I've *just* uploaded 4 copies of the dhl invoice malware that have been missed by up-to-date official sigs.

These were blocked using Sanesecurity.Malware.12505.UNOFFICIAL.

Hope it helps,

Cheers,
Steve
Sanesecurity

Re: [Clamav-users] DHL invoices
At 2:19 PM +0100 9/24/09, Steve Basford wrote:
>> Yeah, we already know that. Can you please cut&paste the full message
>> returned by the form? Thanks,
>
> Hi Luca,
>
> I've *just* uploaded 4 copies of the dhl invoice malware that have been
> missed by up-to-date official sigs.
>
> These were blocked using Sanesecurity.Malware.12505.UNOFFICIAL.

Luca,

I have a couple of samples as well blocked by

winnow.malware.7065.UNOFFICIAL
winnow.malware.7066.UNOFFICIAL

if you need them. They were originally submitted on 9/18.

Tom

Re: [Clamav-users] DHL invoices
At 9:53 AM -0400 9/24/09, Tom Shaw wrote:
> At 2:19 PM +0100 9/24/09, Steve Basford wrote:
>>> Yeah, we already know that. Can you please cut&paste the full message
>>> returned by the form? Thanks,
>>
>> Hi Luca,
>>
>> I've *just* uploaded 4 copies of the dhl invoice malware that have been
>> missed by up-to-date official sigs.
>>
>> These were blocked using Sanesecurity.Malware.12505.UNOFFICIAL.
>
> Luca,
>
> I have a couple of samples as well blocked by
>
> winnow.malware.7065.UNOFFICIAL
> winnow.malware.7066.UNOFFICIAL
>
> if you need them. They were originally submitted on 9/18.

PS on second look I have samples all the way back to March.

Tom

Re: [Clamav-users] DHL invoices
> On 2009-09-24 16:01, Jari Fredriksson wrote:
>>> Hello Jari,
>>>
>>>> clamav NOW detects that even without pua, things updated.
>>>> But the older DHL-invoices. No. Not even with detect-pua=yes.
>>>
>>> what does the form answer you when you try to submit it?
>>> It should reject it with a message.
>>>
>>> That message can help us to track down the issue.
>>>
>>> Best regards
>>>
>>
>> It says ClamAV already detects the posted sample, and
>> lists the latest version tags.
>>
>
> What is the exact message? (copy+paste please)
>

ClamAV detects all now. Can't try and see as the message would be real now.

Maybe it really detected that on the web page, but the signature was not yet in production.

Sorry about the hassle.

[Clamav-users] GTUBE test pattern not being picked up
ClamAV does not pick up the GTUBE test pattern.

GTUBE - the Generic Test for Unsolicited Bulk Email.

This is one of the tests that nospamtoday uses.
See: http://www.nospamtoday.com/emailsecurity/

Is this because it is redundant because of the Eicar test signature?

James.