[Clamav-users] Submit form treating samples as false positives

2010-03-09 Thread rafa
Hi, When submitting samples they are treated as false positives. Result: This file is not detected by ClamAV. Please update your CVD database before reporting false-positives. If you are using third-party databases/unofficial signatures, please contact the author of the signature. We can onl

Re: [Clamav-users] quick question on freshclam

2010-03-09 Thread Chuck Swiger
On Mar 9, 2010, at 3:55 PM, Tom Shaw wrote: > I want to change how I run freshclam on OSX from running as a daemon to > running periodically using launchd. Unfortunately, freshclam's returning of 1 > when no updates were required causes issues with launchd since it thinks > freshclam exited abno

[Clamav-users] quick question on freshclam

2010-03-09 Thread Tom Shaw
I want to change how I run freshclam on OSX from running as a daemon to running periodically using launchd. Unfortunately, freshclam's returning of 1 when no updates were required causes issues with launchd since it thinks freshclam exited abnormally and attempts to respawn. Now, I can easil

Re: [Clamav-users] clamav syslog and cron

2010-03-09 Thread Timothy Legge
On Tue, Mar 9, 2010 at 7:12 PM, Tom Shaw wrote: > At 6:50 PM -0400 3/9/10, Timothy Legge wrote: >> I would prefer to get the file name in the logs but I had to pass >> --fdpass as the option so clamd would scan files that it did not have >> permission to scan. >> >> Should I approach this in a dif

Re: [Clamav-users] clamav syslog and cron

2010-03-09 Thread Timothy Legge
On Tue, Mar 9, 2010 at 7:14 PM, Chuck Swiger wrote: > On Mar 9, 2010, at 3:08 PM, Timothy Legge wrote: >> The only question now is whether there is a noticeable difference in >> speed between clamdscan and clamscan? > > They should scan files at the same speed, but it takes clamscan longer to get

Re: [Clamav-users] clamav syslog and cron

2010-03-09 Thread Chuck Swiger
On Mar 9, 2010, at 3:08 PM, Timothy Legge wrote: > The only question now is whether there is a noticeable difference in > speed between clamdscan and clamscan? They should scan files at the same speed, but it takes clamscan longer to get started since it has to load up the virus definitions. The

Re: [Clamav-users] clamav syslog and cron

2010-03-09 Thread Tom Shaw
At 6:50 PM -0400 3/9/10, Timothy Legge wrote: Hi I am trying to schedule a cron job to scan files and if a virus is noticed to log that via syslog so it can be sent to a remote syslog server. I have successfully done this by using clamd and clamdscan however the logs show: Mar 9 17:45:04 serv

Re: [Clamav-users] clamav syslog and cron

2010-03-09 Thread Timothy Legge
On Tue, Mar 9, 2010 at 6:50 PM, Timothy Legge wrote: > Hi > > I am trying to schedule a cron job to scan files and if a virus is > noticed to log that via syslog so it can be sent to a remote syslog > server. [snip] > Should I approach this in a different way like using clamscan instead? >  It d

[Clamav-users] clamav syslog and cron

2010-03-09 Thread Timothy Legge
Hi I am trying to schedule a cron job to scan files and if a virus is noticed to log that via syslog so it can be sent to a remote syslog server. I have successfully done this by using clamd and clamdscan however the logs show: Mar 9 17:45:04 server1 clamd[26200]: fd[12]: Eicar-Test-Signature F

Re: [Clamav-users] Amazon.com order confirmation tripped Phishing.Heuristics.Email.SpoofedDomain

2010-03-09 Thread Kris Deugau
Török Edwin wrote: The existing whitelist doesn't pass because amazon.com doesn't have anything preceding it. Try this: X:.+\.amazon\.(at|ca|co\.uk|co\.jp|com|de|fr)([/?].*)?:(.+\.)?amazon\.com([/?].*)?:17- Looks good, thanks! I've put this in daily.wdb on the live servers; is that the offi

Re: [Clamav-users] Amazon.com order confirmation tripped Phishing.Heuristics.Email.SpoofedDomain

2010-03-09 Thread Török Edwin
On 03/09/2010 08:06 PM, Kris Deugau wrote: > Török Edwin wrote: >> It should already be whitelisted: >> X:.+\.amazon\.(at|ca|co\.uk|co\.jp|com|de|fr)([/?].*)?:.+\.amazon\.com([/?].*)?:17- >> >> X:.+:.+images\.amazon\.com([/?].*)?:17- >> >> What is the domain of the image, and the domain of the href

Re: [Clamav-users] Amazon.com order confirmation tripped Phishing.Heuristics.Email.SpoofedDomain

2010-03-09 Thread Kris Deugau
Török Edwin wrote: It should already be whitelisted: X:.+\.amazon\.(at|ca|co\.uk|co\.jp|com|de|fr)([/?].*)?:.+\.amazon\.com([/?].*)?:17- X:.+:.+images\.amazon\.com([/?].*)?:17- What is the domain of the image, and the domain of the href target? Can you craft a simple example html mail with just

Re: [Clamav-users] Amazon.com order confirmation tripped Phishing.Heuristics.Email.SpoofedDomain

2010-03-09 Thread Rick Macdougall
On 09/03/2010 12:18 PM, Jim Preston wrote: Just a curiosity, did you report the PhishingScanURL problem? No, I didn't get the chance. It was crazy busy around that period and come January I had forgotten all about it. This thread just reminded me. Regards, Rick

Re: [Clamav-users] Amazon.com order confirmation tripped Phishing.Heuristics.Email.SpoofedDomain

2010-03-09 Thread Jim Preston
Hi, You'll also see the problem with orders from Sears and a few other retailers. I had to disable PhishingScanURLs here starting in early December due to all the false positives. Regards, Rick Hi Rick, Just a curiosity, did you report the PhishingScanURL problem? Thanks, Jim

Re: [Clamav-users] Sender and recipient of blocked messages not appearing in logs, only

2010-03-09 Thread Robert S
I have been getting these messages in my logs when a message is detected as a virus: Mar 8 08:44:56 mypc clamav-milter[6112]: Message o27LiRP8029635 from to with subject 'Important notice: Google' message-id 'UNKNOWN' date 'UNKNOWN' infected by Sanesecurity.Junk.22168.UNOFFICIAL Is it possib

Re: [Clamav-users] Amazon.com order confirmation tripped Phishing.Heuristics.Email.SpoofedDomain

2010-03-09 Thread Rick Macdougall
On 09/03/2010 11:52 AM, Kris Deugau wrote: I just received a report from a customer about a legitimate Amazon.ca order confirmation that tripped the Phishing.Heuristics.Email.SpoofedDomain code in Clamav (0.95.3 from Debian lenny volatile). I'm not sure what this heuristic test looks for, but af

Re: [Clamav-users] Amazon.com order confirmation tripped Phishing.Heuristics.Email.SpoofedDomain

2010-03-09 Thread Török Edwin
On 03/09/2010 06:52 PM, Kris Deugau wrote: > I just received a report from a customer about a legitimate Amazon.ca > order confirmation that tripped the > Phishing.Heuristics.Email.SpoofedDomain code in Clamav (0.95.3 from > Debian lenny volatile). > > I'm not sure what this heuristic test looks f

[Clamav-users] Amazon.com order confirmation tripped Phishing.Heuristics.Email.SpoofedDomain

2010-03-09 Thread Kris Deugau
I just received a report from a customer about a legitimate Amazon.ca order confirmation that tripped the Phishing.Heuristics.Email.SpoofedDomain code in Clamav (0.95.3 from Debian lenny volatile). I'm not sure what this heuristic test looks for, but after inspecting the message source I'm pr