Thanks everyone. I should've done that first, Steve, but I got it working. I
uninstalled it just in case some of my files were possibly messed up,
reinstalled and had to go into service manager to turn it on; now email is
flowing through again!
> Date: Tue, 28 Jul 2015 12:14:22 -0400
> From: smor.
Clamd running? I get that same result from clamdscan (connection refused) if
clamd is not started.
127.0.0.1 is fine for clamd as long as all of your clamdscan/clamav-milter
requests are initiated from the machine clamd is running on.
On Mon, Jul 27, 2015 at 9:24 PM, josh schooler
wrote:
> 2015-
worked properly after enabling PUA.
Cheers,
--PK
On Tue, Jul 28, 2015 at 8:14 PM, Steve Basford <
steveb_cla...@sanesecurity.com> wrote:
>
> On Tue, July 28, 2015 3:41 pm, P K wrote:
> > So how to detect same in my clamAv?
> >
>
> Until a proper sig is added, you could try
>
> clamscan --detect
So how to detect same in my clamAv?
On Tue, Jul 28, 2015 at 8:08 PM, Steve Basford <
steveb_cla...@sanesecurity.com> wrote:
>
> On Tue, July 28, 2015 3:27 pm, P K wrote:
> > a3e8a7602797c69f6320225e8137d063 exploit.pdf
> >
>
> ClamAV isn't showing detection here:
>
>
> https://www.virustotal.com
On Tue, July 28, 2015 3:41 pm, P K wrote:
> So how to detect same in my clamAv?
>
Until a proper sig is added, you could try
clamscan --detect-pua=yes
Cheers,
Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
On Tue, July 28, 2015 3:27 pm, P K wrote:
> a3e8a7602797c69f6320225e8137d063 exploit.pdf
>
ClamAV isn't showing detection here:
https://www.virustotal.com/en/file/61c9333604404addf7e3aaf97f89d4ed3bf6fe4d12bd3e98bc7232ebfd9f0c5b/analysis/
But does detect using PUA:
ClamAV: Possibly Unwanted Ap
a3e8a7602797c69f6320225e8137d063 exploit.pdf
On Tue, Jul 28, 2015 at 5:14 PM, Joel Esler (jesler)
wrote:
> Can you provide us with the hash for the file?
>
> --
> Joel Esler
> Manager, Threat Intelligence and Open Source
> Talos Group
> Sent from my iPhone
>
> On Jul 28, 2015, at 7:43 AM, P K
Can you provide us with the hash for the file?
--
Joel Esler
Manager, Threat Intelligence and Open Source
Talos Group
Sent from my iPhone
On Jul 28, 2015, at 7:43 AM, P K <pkopen...@gmail.com> wrote:
Sure. I uploaded same. I wanted someone else to try to make sure its issue
with clamav.
Sure. I uploaded same. I wanted someone else to try to make sure its issue
with clamav.
Can you point me to any other real virus (except EICAR) to try, to make sure my
ClamAV is working properly?
I want to try ClamAV by sending a real virus file.
Thanks
--Pk
-- Forwarded message --
From: A
So that the signature gets updated, if necessary. Either your sample is
actually attempting to exploit CVE-2009-4324 and it's evading detection
through our current signature (Exploit.PDF.CVE_2009_4324), or your sample
isn't attempting to exploit CVE-2009-4324. Either way, your sample would be
helpful
Sure. I will submit, but as per the ClamAV database this signature is already in
the database.
Why should we submit the sample again?
On Tue, Jul 28, 2015 at 4:58 PM, Alain Zidouemba
wrote:
> Yes, please do so. Submit your sample here:
> http://www.clamav.net/report/report-malware.html and provide the MD5
Yes, please do so. Submit your sample here:
http://www.clamav.net/report/report-malware.html and provide the MD5 or
SHA256 of the sample you submitted as a reply to this email.
Thanks,
- Alain
On Tue, Jul 28, 2015 at 11:01 AM, Al Varnell wrote:
> It does not match the signature for Exploit.PDF
Yes, I created a PDF with a virus by following this link:
http://www.decalage.info/exefilter_pdf_exploits
The virus is detected in Gmail but it's not detected by my clamscan.
I feel something is wrong in the ClamAV configuration.
I just wanted someone else to try it and find out where the issue is.
On Tue, Jul 28, 2015 at 4:31 PM,
It does not match the signature for Exploit.PDF.CVE_2009_4324.
It’s looking for a two part signature:
In your document there are spaces in the string "/S /JavaScript /JS" which are
not in the signature.
Your document contains the string "media.newPlayer(null)" whereas the signature
is looking
So you generated a brand new malicious pdf? (Trying to understand what the
question is) Did you submit said malicious pdf to us? Perhaps you could write
your own detection and submit it to us via the community signature program?
--
Joel Esler
Manager, Threat Intelligence and Open Source
Talos G
Hi Guys,
Still waiting for an answer.
On Thu, Jul 23, 2015 at 8:21 PM, P K wrote:
> Hi Guys,
>
> I am testing ClamAV on my local system to detect POST data from the network.
> I am a newbie to ClamAV and want to test with real time signatures.
>
> I tested with the EICAR test signature and it works fi