Re: [clamav-users] RHEL 6 Clam AV Installation

2017-11-14 Thread Reindl Harald
On 14.11.2017 at 20:07, Walker, Jason T wrote: I'm trying to install your product on a RHEL 6.9 PC. Your documentation refers to the yum repository as a source of the RPM file, however yum replies that the RPMs do not exist for the following packages: 1) Epel-release 2) Clamav

Re: [clamav-users] RHEL 6 Clam AV Installation

2017-11-14 Thread Thomas McCourt (tmccourt)
Hello Jason, Using Yum, I can do the following command and download both Epel-release and clamav. This, of course, downloads 99.2 (not the beta version). yum install -y epel-release yum install -y clamav Duck]# yum install -y epel-release Loaded plugins: fastestmirror, refresh-packagekit, secur

[clamav-users] RHEL 6 Clam AV Installation

2017-11-14 Thread Walker, Jason T
Hello, I'm trying to install your product on a RHEL 6.9 PC. Your documentation refers to the yum repository as a source of the RPM file, however yum replies that the RPMs do not exist for the following packages: 1) Epel-release 2) Clamav Any assistance on this installation is app

Re: [clamav-users] password protected encrypted .docx files

2017-11-14 Thread Mark Foley
I found this older message in the archives. I'm receiving a lot of fake "Invoice" messages with attached encrypted .doc files that run VB scripts and execute .exe files. I'd like to block encrypted Word documents. Interestingly, as Reindl Harald says, ".docx files *are* zip files", but lately I'v

Re: [clamav-users] Virus Malvare not detected

2017-11-14 Thread Emanuel
Scan the attachment; ClamAV does not detect this file. On 14/11/17 at 09:51, Al Varnell wrote: You mentioned two attachments. Kaspersky and ClamXAV appear to catch the first one, but neither catch the second one you showed us. The SHA256 for a file is the same no matter what scanner is used.

Re: [clamav-users] Virus Malvare not detected

2017-11-14 Thread Al Varnell
You mentioned two attachments. Kaspersky and ClamXAV appear to catch the first one, but neither catch the second one you showed us. The SHA256 for a file is the same no matter what scanner is used. -Al- On Tue, Nov 14, 2017 at 04:36 AM, Emanuel wrote: > the first scan is with kaspersky online >

Re: [clamav-users] Virus Malvare not detected

2017-11-14 Thread Emanuel
The first scan is with Kaspersky online. On 14/11/17 at 09:31, Al Varnell wrote: That's not the same file you showed before. The SHA256 is different. -Al- On Tue, Nov 14, 2017 at 04:23 AM, Emanuel wrote: Please see https://www.virustotal.com/es-ar/file/323cb1d2f3b9d0678a8e017fedad1da27

Re: [clamav-users] Virus Malvare not detected

2017-11-14 Thread Al Varnell
That's not the same file you showed before. The SHA256 is different. -Al- On Tue, Nov 14, 2017 at 04:23 AM, Emanuel wrote: > Please see > > https://www.virustotal.com/es-ar/file/323cb1d2f3b9d0678a8e017fedad1da2768c0eb65111937d03c19e0c053b5da4/analysis/1510662252/ > >

Re: [clamav-users] Virus Malvare not detected

2017-11-14 Thread Emanuel
Please see https://www.virustotal.com/es-ar/file/323cb1d2f3b9d0678a8e017fedad1da2768c0eb65111937d03c19e0c053b5da4/analysis/1510662252/ On 14/11/17 at 09:00, Al Varnell wrote: According to VirusTotal, ClamAV does detect it as Doc.Dropper.Agent-6369707-0

Re: [clamav-users] Virus Malvare not detected

2017-11-14 Thread Al Varnell
According to VirusTotal, ClamAV does detect it as Doc.Dropper.Agent-6369707-0

Re: [clamav-users] Virus Malvare not detected

2017-11-14 Thread Joel Esler (jesler)
Please submit malware samples to ClamAV.net Sent from my iPhone On Nov 14, 2017, at 6:36 AM, Emanuel <emanuel.gonza...@donweb.com> wrote: Hello, I received two docs files in a email with the Subject "Invoice". The attachment is a malware virus, clamav not detected th

[clamav-users] Virus Malvare not detected

2017-11-14 Thread Emanuel
Hello, I received two doc files in an email with the Subject "Invoice". The attachment is a malware virus; ClamAV did not detect this. Scan with Kaspersky Scan result File is infected Detected threats Trojan-Downloader.MSWord.Agent.bqx File size 144.95 KB File type OOXML/DOCUMENT Scan date Nov

Re: [clamav-users] FP Heuristics.Phishing.Email.SpoofedDomain with amazon

2017-11-14 Thread Hajo Locke
Hello, based on my working whitelist regex I would say the 2nd part should not look only for amazon\.com If I understood it the correct way it should be something like: X:.+\.amazon\.(at|ca|co\.uk|co\.jp|com|de|fr)([/?].*)?:.+\.amazon\.(com|de)([/?].*)? Using this regex shows a clean mail.

Re: [clamav-users] FP Heuristics.Phishing.Email.SpoofedDomain with amazon

2017-11-14 Thread Al Varnell
On Tue, Nov 14, 2017 at 01:48 AM, Hajo Locke wrote: > Hello, > > > On 14.11.2017 at 10:44, Al Varnell wrote: >> I'm not very good at regex, but I'm surprised that this current X record >> doesn't already take care of this: >> >> X:.+\.amazon\.(at|ca|co\.uk|co\.jp|com|de|fr)([/?].*)?:.+\.amazon

Re: [clamav-users] FP Heuristics.Phishing.Email.SpoofedDomain with amazon

2017-11-14 Thread Hajo Locke
Hello, On 14.11.2017 at 10:44, Al Varnell wrote: I'm not very good at regex, but I'm surprised that this current X record doesn't already take care of this: X:.+\.amazon\.(at|ca|co\.uk|co\.jp|com|de|fr)([/?].*)?:.+\.amazon\.com([/?].*)? Me too. In which file is this regex located? -Al- O

Re: [clamav-users] FP Heuristics.Phishing.Email.SpoofedDomain with amazon

2017-11-14 Thread Al Varnell
I'm not very good at regex, but I'm surprised that this current X record doesn't already take care of this: X:.+\.amazon\.(at|ca|co\.uk|co\.jp|com|de|fr)([/?].*)?:.+\.amazon\.com([/?].*)? -Al- On Tue, Nov 14, 2017 at 01:19 AM, Hajo Locke wrote: > Hello List, > > i think i found an fp in incomi

[clamav-users] FP Heuristics.Phishing.Email.SpoofedDomain with amazon

2017-11-14 Thread Hajo Locke
Hello List, I think I found an FP in incoming mail. I can't submit mail as FP on website, because it contains private data. I can provide debug output which leads to match: LibClamAV debug: Phishcheck:URL after cleanup: https://sellercentral-europe.amazon.com->http://www.amazon.de LibClamAV d