hanks,
Alex
___
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clama
Hi,
I'm using clamav-0.103.8 on fedora37 with the current daily update and have
received a false positive involving the RPMSG secure download that's
apparently part of office365.
For some reason the fp is in the body of the message, not the
message_v2.rpmsg attachment. Here is the entire message:
Hi, this issue was reported some time ago and is still occurring. Any ideas?
./clamsbwrite.py --config /etc/clamd.d/safebrowsing.conf
./clamsbwrite.py:36: SAWarning: relationship 'SBPrefix.hashes' will copy
column sbclient_v4_prefixes.reflist_id to column
sbclient_v4_hashes.reflist_id, which confl
Hi,
> > Is the clamav-safebrowsing repository still maintained?
>
> https://blog.clamav.net/2020/06/the-future-of-clamav-safebrowsing.html
Yes, that's exactly what I'm referring to - your link directs the user
to the new repo, but that has problems, and itself doesn't appear to
be developed any l
Hi,
Is the clamav-safebrowsing repository still maintained?
https://github.com/Cisco-Talos/clamav-safebrowsing
It also appears the SafeBrowsing config option is no longer supported?
When running clamsbwrite.py, I'm seeing an error but have no idea of
what's involved and there doesn't seem to be
ok at your possible solutions.
-Original Message-
From: clamav-users On Behalf Of G.W.
Haywood via clamav-users
Sent: Monday, 11 April 2022 10:08
To: alex via clamav-users
Cc: G.W. Haywood
Subject: ⚠️ Re: [clamav-users] Is the signature "Win.Tool.Hoax-9939325-0" really
pro
Hi all,
Recently, ClamAV sent us the following alert "Win.Tool.Hoax-9939325-0" on one
of our executables.
This software was developed by our teams and has not been modified since 2014.
And suddenly, an alert is lifted...
After some research in the ClamAV VirusDB announcements, I found that this
ance is rather a slim one.
Yeah, in this case, only the recipient suffers.
Thanks,
Alex
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
Hi,
The link description is a URL and apparently doesn't match the link
itself, resulting in email from Amazon Business being marked as
malicious. Do I just add this to some kind of allow/bypass list?
How do I go about doing that?
$ clamscan -v amazon-fp.eml
Scanning /home/alex/quarantine/a
Hi,
> >How do I exclude this email from being tagged without having to bypass
> >the Heuristics.Phishing.Email.SpoofedDomain rule altogether?
> >
> >X-Amavis-Alert: INFECTED, message contains virus:
> >Heuristics.Phishing.Email.SpoofedDomain
>
> I think this can be enabled by disabling Phi
Hi,
I have a fedora34 system with clamd-0.103.5 and amavisd/SA/postfix. I
have a newsletter from ncua.gov that keeps getting blocked because it
apparently contains links.gd in the body somewhere, although I can't
find it.
How do I exclude this email from being tagged without having to bypass
the
incorrect.
Thanks,
Alex
Alexander S Rombro
Linux Systems Administration
O: +1 310-647-3202
P: +1 310-203-6699
alexander.s.rom...@rtx.com
Raytheon Technologies
Raytheon Intelligence & Space
2000 East El Segundo Blvd
El Segundo, CA 90245
RTX.com
ript
{
meta:
description = "block javascript"
threat_level = 3
in_the_wild = true
strings:
$a = "/JS"
$b = "<>"
condition:
$a or $b
}
$ clamscan -v JavaScriptClock.pdf
Scanning /home/alex/JavaScriptClock.p
but I don't want to
build a signature for them specifically, but more generally for those
that simply contain javascript.
> Did I get anywhere near to answering your question?
Yes, and very appreciative, as always.
Thanks,
Alex
Hi,
I'm using clamav with spamassassin and amavis on fedora33 and would
like to block content based on CL_TYPE_SCRIPT, such as javascript
within a PDF.
https://www.clamav.net/documents/clamav-file-types
How does this work?
Hi,
I'm using clamav-0.103.0 on fedora33 and am interested in the DLP
options. Last I checked, support for it had been discontinued, but as
of 0.102, it appears to have been supported again, at least to block
credit cards and SSNs?
Are there other options available?
Is there more information avai
> > I'm attempting to use the clamsbsync and clamsbywrite Google
> > safebrowsing utils and having some issues.
> > ...
>
> I haven't seen much discussion on this list about safebrowsing, but
> you have changed that recently (and almost single-handedly: of the
> four threads which mention safebrows
Hi,
I'm attempting to use the clamsbsync and clamsbywrite Google
safebrowsing utils and having some issues.
I'm running the following on the database server directly:
python3 ./clamsbsync.py -v --config etc/safebrowsing.conf sync
This sometimes results in the following output:
UpdateClient: WARNI
Hi,
> > (MySQLdb._exceptions.OperationalError) (2006, 'MySQL server has gone away')
> > ...
>
> I don't use safebrowsing and it's a long time since I've used MySQL
> for anything serious, but last time I did this issue was one of the
> most common causes of questions. I don't know, however, if in
Hi,
I'm trying to set up safebrowsing on fedora32 and having a few
problems. I've set up the Google API key and believe I had it running
successfully for some time about three weeks ago, but now I'm unable
to keep it running.
Updates using the "build" option fail with a "duplicate entry" error:
s
ch memory needs to be allocated for clamav to store/process 14M
signatures?
Thanks,
Alex
Hello, since I downloaded the clamav code I tried to mount it somewhere in
a way that makes some sense but I am not achieving. Can someone tell me how
to mount it and where because for example in devC ++ I get an error.
I'm talking about the source code of the antivirus, but thanks.
On Sat, 5 Oct 2019 at 15:14, J.R. via clamav-users (<
clamav-users@lists.clamav.net>) wrote:
> > I had already seen all this, but the code itself does not know where it
> is
>
> Are you talking about the virus definitions? Th
I had already seen all this, but the code itself does not know where it is
On Thu, 3 Oct 2019 at 19:16, Eric Tykwinski ()
wrote:
> > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On
> Behalf Of Wagde Zabit via clamav-users
> > Sent: Thursday, October 03, 2019 1:09 PM
>
Hi, lately I've been looking for the clamav antivirus code but I don't know
why I can't find it, could you send it to me or tell me where to find it?
Thank you so much
:
clamscan -f ~/list -i -d ~/new.ldb
On Wed, 2019-03-06 at 10:50 +0100, Arnaud Jacques wrote:
> Hello Alex,
>
>
> > We do have a large IMAP ~200GB, and in order to find letters
> > containing specific "keyword",
> > grep is not good because of base64 encoding. So
Hi all,
is it worth trying?
We do have a large IMAP ~200GB, and in order to find letters containing
specific "keyword",
grep is not good because of base64 encoding. So the idea is to look
through with antivirus scanner for "virus" inside letters, which is not
a virus but a (not sure, may be) "by
> As a follow-up, in response to a question as to why they just block
I meant "don't just block", of course ...
Hi,
> * Alex :
> > Another malwarepatrol fp for docs.google.com
> >
> > # sigtool --find-sigs MBL_17713260 |sigtool --decode-sigs
> > VIRUS NAME: MBL_17713260
> > TARGET TYPE: ANY FILE
> > OFFSET: *
> > DECODED SIGNATURE:
> > https://docs.goog
reason to believe that the Google infrastructure doesn't
host malware. In case you still don't want or can't block such domain,
we advise you to whitelist it before applying our block lists."
On Tue, Oct 23, 2018 at 8:00 PM Alex wrote:
>
> Another malwarepatrol fp for
Another malwarepatrol fp for docs.google.com
# sigtool --find-sigs MBL_17713260 |sigtool --decode-sigs
VIRUS NAME: MBL_17713260
TARGET TYPE: ANY FILE
OFFSET: *
DECODED SIGNATURE:
https://docs.google.com
I don't even know what to do anymore. Is it worth it to keep malwarepatrol?
Also, my apologie
o know what
I should expect. We've also contributed to Steve's effort at Sane, but
should we be relying on him?
Thanks,
Alex
On Tue, Aug 21, 2018 at 9:02 AM Steve Basford
wrote:
> On Tue, August 21, 2018 12:27 pm, Dave McMurtrie wrote:
> >
> > I'm beginning to get the feeling they don't have any type of review
> > process in place.
>
> I whitelisted the sig on the Sanesecurity mirrors this morning UK time:
>
> 21/08/201
Hi, fyi
# sigtool --find-sigs MBL_12952716 | sigtool --decode-sigs
VIRUS NAME: MBL_12952716
TARGET TYPE: ANY FILE
OFFSET: *
DECODED SIGNATURE:
https://drive.google.com
Hi,
We've recently received a few XPS files as part of a phishing attack
that were not recognized by clamav. Has anyone done any analysis of
the odttf files contained within that they could share?
I'd like to be able to extract the text from them that contains the
URI as part of the phishing atta
Hi,
> That shouldn’t be part of the official ruleset.
Really? No one uses bit.ly for legitimate purposes?
I don't mean for that to sound sarcastic - I really don't know.
Everyone's heard of / uses bit.ly I thought...
've made a mistake with this vendor...
On Sat, Apr 28, 2018 at 2:26 AM, Gene Heskett wrote:
> On Saturday 28 April 2018 01:06:38 Steve Basford wrote:
>
>> Hi Alex...
>>
>> I've whitelisted the two sigs... until they fix them.. so that might
>> help a little.
Hi,
I can't imagine outright blocking https://goo.gl is not a mistake.
$ sigtool --find-sigs MBL_6888621 | sigtool --decode-sigs
VIRUS NAME: MBL_6888621
TARGET TYPE: ANY FILE
OFFSET: *
DECODED SIGNATURE:
https://goo.gl
MBL_6882958 and MBL_6888621 both hit on https://goo.gl.
I've reported this t
ng to a single mirror because all others were failing. I was
thinking that was the issue for many others as well, connecting to
that same mirror.
Thanks,
Alex
We're still seeing timeouts and abysmal transfer speeds. I don't know
if it's related to the OP's issue.
Retrieving http://db.us.clamav.net/safebrowsing-47190.cdiff
Trying to download http://db.us.clamav.net/safebrowsing-47190.cdiff
(IP: 150.214.142.197)
WARNING: getfile: safebrowsing-47190.cdiff
Hi,
We're seeing a large number of false-positives with the above rule. Is
it particularly prone to false-positives? Would someone explain how it
works?
What's perhaps even more strange is that scanning the email again (or
the files within the email) doesn't produce the same false-positives.
Was t
79907/
If you need any further assistance or have queries regarding your invoice,
please do not hesitate to contact us.
Respectfully Yours,
Huigens, William B
On Wed, Jul 12, 2017 at 3:02 PM, Alain Zidouemba
wrote:
> Signature will be going out shortly.
>
> On Wed, Jul 12, 2017 at 2
e:
>
>
> 13.07.2017 05:32, Alex wrote:
>> On Wed, Jul 12, 2017 at 3:02 PM, Alain Zidouemba
>> wrote:
>>> Signature will be going out shortly.
>>
>> It's now detected thanks to the amazing work by Steve from
>> sanesecurity. Also appreciate your hel
o investigate.
$ sha1sum GOOGLESER.doc
d42e71932c866f9822c800fe46cd46bdf1b5e739 GOOGLESER.doc
Thanks!
>
> On Wed, Jul 12, 2017 at 2:52 PM, Alex wrote:
>
>> Hi, we've received a word virus that isn't currently being detected by
>> any scanners. I've submitted th
Hi, we've received a word virus that isn't currently being detected by
any scanners. I've submitted the FN, but would like to see if we can
get that pushed out as soon as possible.
$ sha1sum Invoice_SKMBT_20170501.doc
6cc1dd12fbc79311ebaf59e19e562ff63141f457 Invoice_SKMBT_20170501.doc
It's not c
Hi,
I've noticed a large amount of phishing signature false-positives, and
just want to make sure I understand correctly how they work.
I have HeuristicScanPrecedence disabled and all the phishing settings
left as default.
I'm assuming this rule is known to produce a large amount of false-positi
ct ourselves, as it relates to scanning mail at the gateway?
They're talking about more attacks coming on Monday?
Thanks,
Alex
ted in real-time? I don't see any
signatures/descriptions within the last few months.
Thanks,
Alex
gration of yara rules into clamav?
I submitted two more password encrypted word macro viruses as
false-positives to the clamav team several days ago, and they still
aren't being marked properly. I need another way to more quickly
identify vulnerabilities and exploits
I just added Doc.Dropper.Agent-6136130-0 to the scan system, it should be
> published today.
>
>
> --
> Joel Esler | Talos: Manager | jes...@cisco.com
>
>
>
>
>
>
> On Mar 22, 2017, at 9:43 AM, Alex
> mailto:mysqlstud...@gmail.co
ved.
>> I don't even bother reporting them to sophos, et al because it's
>> sometimes days before they're added. I was expecting better from
>> clamav...
>
> Interesting, considering Sophos is not a free product.
Yes, sometimes (most times?) it's da
Hi, I reported an encrypted word macro virus this morning, and this
evening it is still not detected by sanesecurity or clamav proper.
How long does it typically take for a sample to be analyzed and a
pattern to be created?
What is the typical procedure going on behind the scenes? Is this a prior
How about
excluding them? What are the default patterns that are included?
Is there active development going on with clamav in this area?
Thanks,
Alex
Hi,
On Fri, Dec 30, 2016 at 9:06 AM, Alex wrote:
> Hi,
>
> On Thu, Dec 29, 2016 at 8:26 AM, Arnaud Jacques / SecuriteInfo.com
> wrote:
>> Hello Alex,
>>
>>> Wed Dec 28 19:05:52 2016 -> Downloading securiteinfo.hdb [*]
>>> Wed Dec 28 19:05:54 2016
Hi,
On Thu, Dec 29, 2016 at 8:26 AM, Arnaud Jacques / SecuriteInfo.com
wrote:
> Hello Alex,
>
>> Wed Dec 28 19:05:52 2016 -> Downloading securiteinfo.hdb [*]
>> Wed Dec 28 19:05:54 2016 -> WARNING: [LibClamAV] cli_loadhash: Problem
>> parsing database at line 34168
uires
the use of a special key that indicates the direct download path that
can be used.
Please let me know what other information I can provide to help
troubleshoot this.
Thanks,
Alex
ption page:
http://sanesecurity.com/usage/signatures/
Hmm.. just googled it, and found it on a mirror, but it appears to be
quite old. Perhaps it's just not relevant any longer..
Thanks,
Alex
> foxhole_all.cdb,pool memory used: 4.366 MB
> foxhole_all.ndb,pool memory used: 4.449 MB
Hi,
I submitted a false-negative a few days ago and it still is not
detected after the most recent update. It would be helpful for these
kinds of things if some kind of ticket or confirmation was issued at
the time of submission.
The only thing I can do is link to virustotal here:
https://www.viru
Hi Joel,
On Wed, Oct 5, 2016 at 2:38 PM, Joel Esler (jesler) wrote:
>
>> On Oct 5, 2016, at 1:54 PM, Alex wrote:
>>
>> Hi,
>>
>>> Are you submitting these files to ClamAV?
>>>
>>> http://www.clamav.net/reports/malware
>>
>>
o it on virustotal
or elsewhere:
# sigtool --find-sigs winnow.spam.ts.miscspam.1025807 | sigtool --decode-sigs
VIRUS NAME: winnow.spam.ts.miscspam.1025807
TARGET TYPE: HTML
OFFSET: *
DECODED SIGNATURE:
{STRING_ALTERNATIVE:.|/|@| |<}americanas.com.br{STRING_ALTERNATIVE:'|"| |/|=|>|
Thank
like to be able to just whitelist it locally. I know how to
whitelist signatures, but not domains.
Any ideas greatly appreciated.
Thanks,
Alex
> reject is above 8.0 and the rest is done by bayes to avoid FP and other
> rules to make sure it's crap
Can you explain how you configured systemd to start two instances of
the same clamd binary using different config files?
Thanks,
Alex
>
> [root@mail-gw:/etc/mail/spamassas
I described above.
Is that something that can be done? Ideas for how to actually implement it?
Thanks,
Alex
Hi,
> Are you submitting these files to ClamAV?
>
> http://www.clamav.net/reports/malware
Not always, primarily because the response time has been too long.
I'll try to more attentively submit them.
Thanks,
Alex
n be done to at least tag them in some way so the end-user knows
it's a potential threat?
Thanks,
Alex
Hi,
>> Yes, I'm using all the third-party sigs, including sanesecurity, but
>> they are still getting through.
>>
> Hi Alex,
>
> What types are getting through JavaScript or docs etc.
JavaScript (.js files) is rejected outright.
I don't have any examples,
Hi,
>> What's being done about blocking attacks from the new crylocker and
>> the various types of cryptolocker?
> all that crap needs to make it somehow to the victims machine
> http://sanesecurity.com/foxhole-databases/
Yes, I'm using all the third-party sigs, including sanesecurity, but
they
Hi all,
What's being done about blocking attacks from the new crylocker and
the various types of cryptolocker?
https://fightransomware.com/ransomware-articles/crylocker-ransomware-compiles-victims-data-fake-image-file-uploads-imgur/?linkId=28721757
Are there specific patterns that have been desi
rs, first match wins
[ qr'^Heuristics.OLE2.ContainsMacros'=> 0.1 ],
));
I've also created several spamassassin rules that work off of that,
but in conjunction with the clamav settings, it was causing even the
attachments with macro viruses to be forwarded on.
Thanks,
Alex
Hi,
>> When this option is set to Yes, the
>> emails are tagged, but even emails with macro virus attachments are
>> forwarded on, not blocked
>
> problem is that you don't understand your mailsystem, clamd itself only
> gives back with signatures are hit and then the glue (amavis or
> clamav-mi
Hi,
>> It appears that using OLE2BlockMacros causes attachments with macros,
>> viruses or not, to just be marked by amavis with the
>> Heuristics.OLE2.ContainsMacros. However, when it's set it no longer
>> blocks them but forwards them on.
>>
>> Is this the intended behavior?
>
> "Heuristics.OLE2
Hi,
>> I'm using clamav on fedora23 with amavisd-new and would like to tag
>> each email that contains macros with Heuristics.OLE2.ContainsMacros.
>> I've enabled OLE2BlockMacros, but it appears it actually lets them
>> through instead of blocking them outright when this setting is made.
>>
>> Wha
the proper configuration of clamav to tag all emails with
macro attachments with Heuristics.OLE2.ContainsMacros as well as block
those emails with attachments that contain macro viruses?
Hopefully this is clear.
Thanks,
Alex
ist the rule just yet, however.
Thanks,
Alex
esn't it display the signature with the above command?
How do I scan the quarantined message to find out exactly what
triggered this false positive?
Thanks,
Alex
us if it was necessary to save the individual attachments before
scanning.
I can't easily send a sample, but I'd appreciate any help you may have to offer.
Thanks,
Alex
any other blacklist. Is this the proper
address to request a winnow removal?
I've already whitelisted it.
Thanks,
Alex
entries to my whitelist.wdb file:
X:.+hilton\.com:americanexpress\.com:17-
X:.+hyatt.com:www.chase.com:17-
Thanks,
Alex
has address 194.186.47.19
Thanks,
Alex
o few, too ineffective and more importantly too late.
I never saw this message. Was this posted to the list?
I've found the sanesecurity rules to work well. The securiteinfo rules
are horrible. I'd never expect to only use the default clamav rules.
Thanks,
Alex
issues would still very much be appreciated.
Thanks,
Alex
>
> -Al-
>
> On Sun, Feb 21, 2016 at 03:40 PM, Alex wrote:
>>
>> Hi,
>>
>> I have a clamav-0.99-2 installation on fedora23 and periodically I
>> receive a message when running clamav-notify-servers after ha
hy clamd produces the error message when multiple
signals are sent.
Thanks,
Alex
ion, it redirects from a clicktracking link
> under smartbrief.com.
Yes, I see that, but it doesn't appear to be the one clamav was
complaining about. As above:
> Looking up in regex_list: r.smartbrief.com:f.email.americanexpress.com/
>
s a
phishing attack?
I actually also don't see in the message where
f.email.americanexpress.com was wrapped inside of a smartbrief.com
URL. I only see americanexpress.com/merchant, so perhaps I'm not
understanding.
Thanks,
Alex
1)
Time: 18.234 sec (0 m 18 s)
Thanks,
Alex
/var/lib/clamav
LocalSocket /var/run/clamd.amavisd/clamd.sock
TCPSocket 3310
TCPAddr 127.0.0.1
MaxThreads 10
ReadTimeout 160
User amavis
AllowSupplementaryGroups yes
DetectPUA yes
MaxScanSize 50M
MaxFileSize 8M
MaxRecursion 10
MaxFiles 2000
Thanks,
r
alerted me that their desktop scanner had caught it that we were made
aware :-(
Thanks,
Alex
eone regarding whether this is a
new virus or there is some other explanation about this file.
Thanks,
Alex
>
> Thanks,
>
> - Alain
>
> On Mon, Oct 19, 2015 at 7:28 PM, Alex wrote:
>
>> Hi,
>> I have a jar file that is apparently identified as a virus by
>> Mi
can upload a sample, but I'm more interested in knowing if
Microsoft is identifying this as an FP, or otherwise why clamav and
sophos aren't identifying it.
Where can I upload a binary file and hopefully ask that someone
investigate it for me?
Thanks so much,
Alex
like this:
X:.+proofpoint\.com:.+bankofamerica\.com:17-
That appears to have solved the problem. I suppose I could be more
specific with my regex, but I think it's okay for now.
Thanks,
Alex
>
> -Kevin
>
> On Tue, Aug 25, 2015 at 1:11 PM, Charles Swiger wro
main? Or which?
Are you talking about this URL or a component of it?
>> > urldefense.
>> > proofpoint.com/ <http://proofpoint.com/
>> >(26)v2/url?u=http-3A__www.bankofamerica.com_emaildisclaimer&d=AwMFAg&c=ewHkv9vLloTwhsKn5d4bTdoqsmB
Thanks,
Alex
Hi,
On Tue, Aug 25, 2015 at 1:11 PM, Charles Swiger wrote:
> On Aug 25, 2015, at 9:41 AM, Alex wrote:
>> Thanks very much. I've submitted an fp, but it appears to be the result of
>> this:
>>
>>
sted the whole
Heuristics.Phishing.Email.SpoofedDomain rule with an ign2 entry, but I
obviously don't want to keep that permanently.
I'm using postfix with amavisd-new and spamassassin on fedora.
Thanks,
Alex
are given.
Thanks,
Alex
ges from amavis would also be nice. It appears
sometimes it uses "ERROR" and other times just "!!". A consistent way to
track them would be nice.
Thanks so much for your help.
Alex
shoot this?
Thanks,
Alex
Enterprise Guide"
From: Fred Pryor Seminars/CareerTrack
From: TravelMole Daily UK Newswire
I'm hoping someone has an opinion on these senders and can help me
determine if fakedate is enough to quarantine them or if they're
considered spam anyway?
Thanks,
Alex
em?
I've done quite a bit of searching online and really haven't been able
to find much regarding these viruses and clamav.
I'd appreciate any further documents or other methods of protection that
people are using to block these?
Thanks,
Alex
Hello,
I'm trying to create signatures for clamav, to detect exe and mp3
files. Seems to work for exe, but strangely not for mp3, despite
the fact I did exactly the same in both cases:
Getting signatures for both files:
alex:~$ dd if=exefile.exe count=1 | sigtool --hex-dum
1+0 Datensätze
Hi,
On Sat, Jun 21, 2014 at 2:43 PM, Steve Basford <
steveb_cla...@sanesecurity.com> wrote:
>
> On Sat, June 21, 2014 2:00 pm, Alex wrote:
> > Hi,
> > I'm using clamav-0.98.4 on fedora20 with the sanesecurity and
> safebrowsing
> > sigs and still seeing an