[clamav-users] Win.Exploit.CVE_2017 in user32.dll

Hello, A clamscan running from Linux on a Windows disk (mounted on /mnt ) produced the following results: /mnt/Windows/System32/user32.dll: Win.Exploit.CVE_2017_8689-6336853-0 FOUND /mnt/Windows/SysWOW64/user32.dll: Win.Exploit.CVE_2017_8689-6336853-0 FOUND There were other occurrences of the s

Re: [clamav-users] Are Win.Trojan.Shopperz and Win.Trojan.Uztuby-3 false positives?

i was going to do the report as you suggested but someone else seems to have beaten me to it. Clamscan on VirusTotal now reports it as clean as does my local instance of clamscan and dnsapi.dll. - JD - Às 19:30 de 17-02-2016, Al Varnell escreveu: > Then you need to report that as a Fa

Re: [clamav-users] Are Win.Trojan.Shopperz and Win.Trojan.Uztuby-3 false positives?

o, I'd appreciate some advice on whether I'd likely be OK with > proceeding to connect to the Internet with the already installed Windows > 10 and said Panda Antivirus to be installed prior to connecting to the > Internet. > Also, if there is anything I might help with (as far

Re: [clamav-users] How to clean infection by Docx.Exploit.CVE_2015_1770

On Wed, 7/22/15, G.W. Haywood wrote: Subject: Re: [clamav-users] How to clean infection by Docx.Exploit.CVE_2015_1770 To: clamav-users@lists.clamav.net Date: Wednesday, July 22, 2015, 5:45 PM Hi there, On Wed, 22 Jul 2015, JD Ackle wrote

Re: [clamav-users] How to clean infection by Docx.Exploit.CVE_2015_1770

On Wed, 7/22/15, Noel Jones wrote: I would suspect a false positive if a MS Office document virus is reported in anything other than an MS Office document. Thank you for the reply, Noel. Should I submit the concerrning files to the False Posit

[clamav-users] How to clean infection by Docx.Exploit.CVE_2015_1770

to know how can I remove Docx.Exploit.CVE_2015_1770 from Windows/System32/config/SOFTWARE (any particular key or value I should be looking for?), so that I'm sure it's not its loading into RAM at startup that's making its signature appear on /pageFile.sys. Thanks in advance, JD Ackle

Re: [Clamav-users] Fwd: Important mail marked as spam

On 09/09/2010 01:32 PM, Jerry wrote: On Thu, 09 Sep 2010 10:13:03 -0700 JD articulated: On 09/09/2010 05:05 AM, Jerry wrote: On Thu, 9 Sep 2010 11:10:37 +0100 (BST) G.W. Haywood articulated: I personally would never accept nor rely on any email which claimed to be from a bank. I know

Re: [Clamav-users] Fwd: Important mail marked as spam

On 09/09/2010 05:05 AM, Jerry wrote: On Thu, 9 Sep 2010 11:10:37 +0100 (BST) G.W. Haywood articulated: I personally would never accept nor rely on any email which claimed to be from a bank. I know too much about email, and about banks. I reject mail which uses the word 'bank' anywhere in t

Re: [Clamav-users] clamdscan errors

On 07/06/2010 05:57 PM, Dennis Peterson wrote: On 7/6/10 5:31 PM, JD wrote: On 07/06/2010 05:00 PM, Dennis Peterson wrote: clamconf |grep TemporaryDir $ clamconf |grep TemporaryDir TemporaryDirectory = "/var/tmp" TemporaryDirectory disabled Is that what's causing it? The d

Re: [Clamav-users] clamdscan errors

On 07/06/2010 05:00 PM, Dennis Peterson wrote: clamconf |grep TemporaryDir $ clamconf |grep TemporaryDir TemporaryDirectory = "/var/tmp" TemporaryDirectory disabled Is that what's causing it? The disabled setting? Where do I enable it? ___ Help us b

[Clamav-users] clamdscan errors

I ran: $ sudo clamdscan -l /tmp/clamdscan.log /sda1 /sda1 is the mount point for my windows partition. I got tons of error mssages like this one: /sda1/WINDOWS/Installer/265ad74.msp: Can't create temporary directory ERROR In what directory is clamdscan trying to create a temp dir ?? __

Re: [Clamav-users] Some questions about clamav update

On 07/06/2010 01:35 PM, Chuck Swiger wrote: Hi-- On Jul 6, 2010, at 12:32 PM, JD wrote: For example, the packages installed from the build failed to create user clamupdate, which freshclam needs. That username isn't the default one which the clamav sources assume, namely: # By default

Re: [Clamav-users] Some questions about clamav update

On 07/06/2010 01:58 PM, Jim Preston wrote: On Jul 6, 2010, at 12:32 PM, JD wrote: On 07/06/2010 11:28 AM, Daniel McDonald wrote: On 7/6/10 12:53 PM, "JD" wrote: On 07/06/2010 10:28 AM, Dennis Peterson wrote: On 07/06/2010 09:38 AM, Chuck Swiger wrote: Hi, JD-- So,

Re: [Clamav-users] Some questions about clamav update

On 07/06/2010 01:08 PM, Dennis Peterson wrote: On 07/06/2010 10:28 AM, Dennis Peterson wrote: On 07/06/2010 09:38 AM, Chuck Swiger wrote: Hi, JD-- So, the fedora distro people screwed up by setting it to level 44 in the source code? Is it possible you installed only a clam client

Re: [Clamav-users] Some questions about clamav update

On 07/06/2010 11:28 AM, Daniel McDonald wrote: On 7/6/10 12:53 PM, "JD" wrote: On 07/06/2010 10:28 AM, Dennis Peterson wrote: On 07/06/2010 09:38 AM, Chuck Swiger wrote: Hi, JD-- So, the fedora distro people screwed up by setting it to level 44 in the source code? Is i

Re: [Clamav-users] Some questions about clamav update

On 07/06/2010 10:28 AM, Dennis Peterson wrote: On 07/06/2010 09:38 AM, Chuck Swiger wrote: Hi, JD-- So, the fedora distro people screwed up by setting it to level 44 in the source code? Is it possible you installed only a clam client and not the full suite? You must not have read this

Re: [Clamav-users] Some questions about clamav update warning messages

On 07/06/2010 09:38 AM, Chuck Swiger wrote: Hi, JD-- On Jul 6, 2010, at 9:19 AM, JD wrote: WARNING: Current functionality level = 44, recommended = 53 DON'T PANIC! Read http://www.clamav.net/support/faq I read the FAQ and it does not tell me where this setting is set. It

[Clamav-users] Some questions about clamav update warning messages

start/stop script for it in /etc/init.d ?? so that it can be managed by the system services? How about providing a default clamd.conf in either /etc or /etc/sysconfig ??? Best regards, JD ___ Help us build a comprehensive ClamAV gui