Re: [clamav-users] reported before, makes no sense

>> UNOFFICIAL means it did not come from ClamAV®. >> You need to take it up with whomever maintains the MBL database. >> MalwarePatrol? > I don't recall every subscribing to that service, and the clamav- > unofficial sigs database is not installed, and never has bee

Re: [clamav-users] reported before, makes no sense

On Fri, 2014-05-16 at 02:03 -0400, Gene Heskett wrote: > On Friday 16 May 2014 00:59:44 Al Varnell did opine > And Gene did reply: > > UNOFFICIAL means it did not come from ClamAV®. > > > > You need to take it up with whomever maintains the MBL database. > > MalwarePatrol?

Re: [clamav-users] reported before, makes no sense

On Friday 16 May 2014 00:59:44 Al Varnell did opine And Gene did reply: > UNOFFICIAL means it did not come from ClamAV®. > > You need to take it up with whomever maintains the MBL database. > MalwarePatrol? I don't recall every subscribing to that service, and the

Re: [clamav-users] reported before, makes no sense

UNOFFICIAL means it did not come from ClamAV®. You need to take it up with whomever maintains the MBL database. MalwarePatrol? -Al- -- Al Varnell Mountain View, CA On May 15, 2014, at 9:38 PM, Gene Heskett wrote: > /home/gene/.cxoffice/tie/crossover.tieVIRI: M

[clamav-users] reported before, makes no sense

/home/gene/.cxoffice/tie/crossover.tieVIRI: MBL_343814.UNOFFICIAL FOUND /home/gene/.cxoffice/tie/download/crossover.tie.gz: MBL_343814.UNOFFICIAL FOUND --- SCAN SUMMARY --- Known viruses: 3752049 Engine version: 0.98.1 Scanned directories: 16112 Scanned files: 191474 Infected file

Re: [clamav-users] FP-Report: Email.Trojan-417

Julian, Please run freshclam again and scan the file. It should not be alerting anymore. Thanks, Shaun On Thu, May 15, 2014 at 10:07 AM, Shaun Hurley wrote: > Julian and Al, > > I thought this was signature was removed on Tuesday. I think I found the > problem and should have this resolved lat

Re: [clamav-users] FP-Report: Email.Trojan-417

Julian and Al, I thought this was signature was removed on Tuesday. I think I found the problem and should have this resolved later today. Please let me know if you have any questions. Thank you, Shaun Hurley Cisco Malware Reseearcher On Thu, May 15, 2014 at 3:40 AM, Al Varnell wrote: > > On

Re: [clamav-users] FP-Report: Email.Trojan-417

On Thu, May 15, 2014 at 12:34 AM, Julian Hansmann wrote: > > > Am 15.05.2014 09:11, schrieb Al Varnell: >> On Thu, May 15, 2014 at 12:04 AM, Julian Hansmann wrote: >>> thank your very much for your responses. I added the signatures >>> name to the whitelist which works flawless. >> >> The signa

Re: [clamav-users] FP-Report: Email.Trojan-417

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am 15.05.2014 09:11, schrieb Al Varnell: > On Thu, May 15, 2014 at 12:04 AM, Julian Hansmann wrote: >> thank your very much for your responses. I added the signatures >> name to the whitelist which works flawless. > > The signature was removed almost

Re: [clamav-users] FP-Report: Email.Trojan-417

On Thu, May 15, 2014 at 12:04 AM, Julian Hansmann wrote: > thank your very much for your responses. I added the signatures name > to the whitelist which works flawless. The signature was removed almost immediately after the announcement, so you should no longer need the whitelist. > I can see th

Re: [clamav-users] FP-Report: Email.Trojan-417

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hey all, thank your very much for your responses. I added the signatures name to the whitelist which works flawless. I can see that sending an attachment with an double extension is somehow sensless and suspicious however I think you can't take that