Re: [clamav-users] clamav ignoring HTTPProxyServer/HTTPProxyPort in freshclam.conf?

2016-02-17 Thread Andreas Schulze
On 17.02.2016 at 19:34, Kevin Kretz wrote: > I posted earlier this month, but maybe my subject wasn't informative enough. > > We use ClamAV as part of Zimbra. In freshclam.conf I have HTTPProxyServer > and HTTPProxyPort set. But I still see DNS lookups to hostnames like > > daily.21375.77.1.0

Re: [clamav-users] False positive

2016-02-17 Thread Al Varnell
On Feb 17, 2016, at 9:01 PM, Tsutomu Oyamada wrote: > A false positive which detects a normal file as malware > "win.Trojan.Bancos-2115" occurred last week. > It started with CVD version 21359 and was fixed by 21362. > Could you tell us what was the cause of this false positive? Did you read t

[clamav-users] False positive

2016-02-17 Thread Tsutomu Oyamada
Hi, A false positive which detects a normal file as malware "win.Trojan.Bancos-2115" occurred last week. It started with CVD version 21359 and was fixed by 21362. Could you tell us what was the cause of this false positive? And also, could you tell us what steps you take to prevent false po

Re: [clamav-users] Zip.Suspect.MacroDoubleExtension-zippwd false positive

2016-02-17 Thread Dennis Peterson
My experience with these kind of failures is that the pattern is not properly anchored or the writer doesn't understand greedy grep patterns or both. Fallout from the new pcregrep, perhaps? I've not analyzed it so am speculating here, but lessons learned after decades of doing this is of regex r

Re: [clamav-users] Are Win.Trojan.Shopperz and Win.Trojan.Uztuby-3 false positives?

2016-02-17 Thread JD Ackle
I was going to do the report as you suggested but someone else seems to have beaten me to it. Clamscan on VirusTotal now reports it as clean as does my local instance of clamscan and dnsapi.dll. - JD - At 19:30 on 17-02-2016, Al Varnell wrote: > Then you need to report that as a False Positive

Re: [clamav-users] How can Clam/Cisco be so irresponsibly reckless and nonchalant to Windows users?

2016-02-17 Thread Gene Heskett
On Wednesday 17 February 2016 14:54:02 Groach wrote: > (How do people reply to keep threading? And can they if they don't have > a recent reply by email? Humph!!) Since you came in thru yahoo, you probably cannot without starting your own thread. IMO yahoo is somewhat busted, and google-groups s

Re: [clamav-users] How can Clam/Cisco be so irresponsibly reckless and nonchalant to Windows users?

2016-02-17 Thread Gene Heskett
On Wednesday 17 February 2016 14:12:54 Groach wrote: > On 17/02/2016 19:34, Gene Heskett wrote: > > On Wednesday 17 February 2016 12:01:11 Noel Jones wrote: > >> On 2/17/2016 10:40 AM, Joel Esler (jesler) wrote: > >>> Okay, so this is a long email, let me respond inline: > >>> > >>> > >>> -- > >>>

Re: [clamav-users] How can Clam/Cisco be so irresponsibly reckless and nonchalant to Windows users?

2016-02-17 Thread Joel Esler (jesler)
For me, I use Mail.app the majority of the time. Apparently if I delete lines and inline reply like I do in Thunderbird, Mail.app just tells me to eat dust and unthreads the whole thing. Guess I should file a bug with Apple. -- Joel Esler Manager, Talos Group On Feb 17, 2016, at 2:54 PM, G

Re: [clamav-users] How can Clam/Cisco be so irresponsibly reckless and nonchalant to Windows users?

2016-02-17 Thread Joel Esler (jesler)
Thank you for your input. We’ll take it under consideration for current efforts. On February 17, 2016 at 5:52:36 PM, Groach (groachmail-stopspammin...@yahoo.com) wrote: Hello Well I wasn't going to post any more but just to be sure I want to make

Re: [clamav-users] How can Clam/Cisco be so irresponsibly reckless and nonchalant to Windows users?

2016-02-17 Thread Groach
Hello Well I wasn't going to post any more but just to be sure I want to make and clarify two points: I was unaware that we terminated Windows systems. Is this true? Were systems rendered completely inoperable? I hope that you are acknowledging that a windows 'system' is more than just a ba

Re: [clamav-users] How can Clam/Cisco be so irresponsibly reckless and nonchalant to Windows users?

2016-02-17 Thread Joel Esler
I am sure we could go back and forth on and off list about these issues until we are blue in the face. There are many things below that are incorrect, assumptions or otherwise. I'm not going to respond to every bullet, but there are some that need to be corrected in order for perception to be cor

Re: [clamav-users] How can Clam/Cisco be so irresponsibly reckless and nonchalant to Windows users?

2016-02-17 Thread Groach
Last response LABELLED IN BRACKETS for reference in my reply below On 17/02/2016 21:06, Joel Esler wrote: Let's try this inline-reply thing again, apologies for last time. On 2/17/16 12:15 PM, Groach wrote: Hello Joel I mentioned the Clamwin forum moderators to show that loyal people are equa

Re: [clamav-users] How can Clam/Cisco be so irresponsibly reckless and nonchalant to Windows users?

2016-02-17 Thread Joel Esler
Let's try this inline-reply thing again, apologies for last time. On 2/17/16 12:15 PM, Groach wrote: > Hello Joel > > I mentioned the Clamwin forum moderators to show that loyal people are > equally dismayed. I am well aware that you guys do not view the forum > and probably only view this maili

Re: [clamav-users] How can Clam/Cisco be so irresponsibly reckless and nonchalant to Windows users?

2016-02-17 Thread Joel Esler
On 2/17/16 1:34 PM, Gene Heskett wrote: > On Wednesday 17 February 2016 12:01:11 Noel Jones wrote: > >> On 2/17/2016 10:40 AM, Joel Esler (jesler) wrote: >>> Okay, so this is a long email, let me respond inline: >>> >>> >>> -- >>> Joel Esler >>> Manager, Talos Group >> >> Unfortunately, due to l

Re: [clamav-users] Are Win.Trojan.Shopperz and Win.Trojan.Uztuby-3 false positives?

2016-02-17 Thread Al Varnell
Then you need to report that as a False Positive by uploading dnsapi.dll to http://www.clamav.net/reports/fp. If you join the clamav-virusdb list you will be notified when it’s been taken care of. -Al- -- Al Varnell ClamXav User On Feb 17, 2016, at 10:24 AM, JD Ackle wrote: > Concerning t

Re: [clamav-users] Are Win.Trojan.Shopperz and Win.Trojan.Uztuby-3 false positives?

2016-02-17 Thread Jean-D. Ackle
Sorry about the misdirection on my greeting. It should have been: "Thank you for the answer, AL!" That's what happens when I'm writing a single message on two different computers and alternating between mail program and mail webpage... At 18:24 on 17-02-2016, JD Ackle wrote: > Thank you for th

Re: [clamav-users] How can Clam/Cisco be so irresponsibly reckless and nonchalant to Windows users?

2016-02-17 Thread Gene Heskett
On Wednesday 17 February 2016 12:01:11 Noel Jones wrote: > On 2/17/2016 10:40 AM, Joel Esler (jesler) wrote: > > Okay, so this is a long email, let me respond inline: > > > > > > -- > > Joel Esler > > Manager, Talos Group > > Unfortunately, due to lack of quoting it's impossible to tell which > pa

[clamav-users] clamav ignoring HTTPProxyServer/HTTPProxyPort in freshclam.conf?

2016-02-17 Thread Kevin Kretz
I posted earlier this month, but maybe my subject wasn't informative enough. We use ClamAV as part of Zimbra. In freshclam.conf I have HTTPProxyServer and HTTPProxyPort set. But I still see DNS lookups to hostnames like daily.21375.77.1.0.AC122E0A.ping.clamav.net daily.21375.77.1.0.AC122E0A.pi

[clamav-users] Virus DB Mails failed.

2016-02-17 Thread Walter H.
the last few mails result in the following on my Mailserver ... SMTP error: 550 5.6.0 improper use of 8-bit data in message body

Re: [clamav-users] Are Win.Trojan.Shopperz and Win.Trojan.Uztuby-3 false positives?

2016-02-17 Thread JD Ackle
Thank you for the answer, Joel Although I wouldn't be surprised myself to learn an ISP included Adware in something they provided for free, Shopperz was not the one found on my free copy of Panda Antivirus Pro, it was Uztuby-3 (Shopperz was on dnsapi.dll). That being said, I had previously downl

Re: [clamav-users] How can Clam/Cisco be so irresponsibly reckless and nonchalant to Windows users?

2016-02-17 Thread Groach
Hello Joel I mentioned the Clamwin forum moderators to show that loyal people are equally dismayed. I am well aware that you guys do not view the forum and probably only view this mailing list but (to my own cost - as I am about to find out with this post) this is not the easiest platform to

Re: [clamav-users] How can Clam/Cisco be so irresponsibly reckless and nonchalant to Windows users?

2016-02-17 Thread Noel Jones
On 2/17/2016 10:40 AM, Joel Esler (jesler) wrote: > Okay, so this is a long email, let me respond inline: > > > -- > Joel Esler > Manager, Talos Group > Unfortunately, due to lack of quoting it's impossible to tell which parts are yours. -- Noel Jones

Re: [clamav-users] How can Clam/Cisco be so irresponsibly reckless and nonchalant to Windows users?

2016-02-17 Thread Joel Esler (jesler)
Okay, so this is a long email, let me respond inline: -- Joel Esler Manager, Talos Group On Feb 17, 2016, at 9:40 AM, Groach <groachmail-stopspammin...@yahoo.com> wrote: Hello Ok, in short you know about the disaster last week where a single signature was issued by ClamAV that lit

Re: [clamav-users] ClamAV FP/Malware Submissions

2016-02-17 Thread Joel Esler (jesler)
Mark, No, we received them. They just weren’t being processed correctly. This has been fixed now. -- Joel Esler Manager, Talos Group On Feb 17, 2016, at 3:48 AM, Mark Allan <markjal...@gmail.com> wrote: Thanks Joel. Do we need to resubmit the FPs we submitted over the last week-o

[clamav-users] How can Clam/Cisco be so irresponsibly reckless and nonchalant to Windows users?

2016-02-17 Thread Groach
Hello Ok, in short you know about the disaster last week where a single signature was issued by ClamAV that literally BROKE people's Windows systems (PCs, Servers). Many suffered, some reported and I myself was one that had my mail server halted in its tracks (and my business's email ope

Re: [clamav-users] Recent rash of FPs

2016-02-17 Thread Joel Esler (jesler)
All sigs have a number at the end. Unless it's the first with that name. -- Joel Esler iPhone On Feb 17, 2016, at 6:08 AM, Mark Allan <markjal...@gmail.com> wrote: Hi all, I'm just wondering if there's an underlying reason for the recent rash of FP detections. From my own experience,

[clamav-users] Recent rash of FPs

2016-02-17 Thread Mark Allan
Hi all, I'm just wondering if there's an underlying reason for the recent rash of FP detections. From my own experience, with the exception of 3 signatures, all of the ones I've had to report and/or whitelist locally have a sig name ending in -xxx where xxx is a number. Are these numbered sigs

Re: [clamav-users] ClamAV FP/Malware Submissions

2016-02-17 Thread Mark Allan
Thanks Joel. Do we need to resubmit the FPs we submitted over the last week-or-so, or did you actually receive them OK? Mark > On 16 Feb 2016, at 11:48 pm, Joel Esler (jesler) wrote: > > It appears that we have resolved the issue with FP/Malware submissions on > ClamAV.net