Al,
This is not a false positive.
The file is malicious. I am working on making detection signatures for the
malware.
Thanks,
Shaun Hurley
On Tue, Oct 20, 2015 at 9:00 PM, Alex wrote:
> Hi,
>
>
> On Tue, Oct 20, 2015 at 11:57 AM, Al Varnell wrote:
> > According to this, So
All,
This is a set of regex signatures I published. These lines in the signature
database should have been ignored by ClamAV versions previous to 0.99.
Given the problems that alternate versions of ClamAV have, I am going to
drop these signatures.
Thanks,
Shaun Hurley
On Mon, Oct 19, 2015 at 1
PK,
Thank you for bringing this to our attention.
I have created another signature that doesn't rely upon PUA being enabled.
As soon as the signature is done being tested for false positives we will
publish it.
Thanks again,
Shaun Hurley
ClamAV Malware Team
On Tue, Jul 28, 2015 at 10:54
Ingo,
It looks like this sig was originally published on June 11th, 2015.
We dropped the signature this afternoon to review why it triggered a false
positive.
Thank you for making us aware of this issue.
Please let us know if there are any other issues.
Thanks again,
Shaun Hurley
ClamAV
Thanks, Al.
I'll have to add those to the FP database.
On Wed, Apr 22, 2015 at 2:24 AM, Al Varnell wrote:
> It would appear this has now been taken care of with ClamAV database
> updated (22 Apr 2015 01-07 -0400): daily.cvd
> Version: 20358.
>
> -Al-
> On Tue, Apr 21, 2015 at 08:52 PM, Al Varne
Max,
Thank you for bringing this to our attention. The detection window is a bit
too broad. We will get this resolved.
The signature has been dropped from the signature database.
It will be corrected, and then added back to the signature database.
Thanks again,
Shaun Hurley
Cisco Talos Malware
> -decoration:none;" alt="Amazon.co.uk MasterCard">
>
> So a href is originating from bankofamerica.co.uk but the source image
> is youraccount.mbna.co.uk ?
>
> I'm asking because I cannot find any other relation to
> bankofamerica.co.uk and youraccount.mbna.co.uk
le, I'll be able to update the official daily.wdb whitelist.
Hope this has helped. Please let me know if you have any follow-up
questions.
Thanks,
Shaun Hurley
On Tue, Sep 23, 2014 at 8:29 AM, Thorvald Hallvardsson <
thorvald.hallvards...@gmail.com> wrote:
> Hi Steve,
>
Complete. I've dropped the signature.
daily.cld updated (version: 19002, sigs: 957431, f-level: 63, builder:
shurley)
After running a freshclam the sample should no longer alert.
Shaun
On Mon, May 19, 2014 at 3:27 PM, Shaun Hurley wrote:
> Thank you. I'll take a look at what
Thank you. I'll take a look at what the issue is.
Shaun
On Mon, May 19, 2014 at 2:02 PM, Al Varnell wrote:
> On May 13, 2014, at 8:19 AM, Shaun Hurley wrote:
>
> > A ClamXav user complained of having a Google Chrome extension “WebGL
> > Inspector” which he has used si
> Julian Hansmann
>
> 1&1 Mail & Media GmbH
> Mail Application Security
>
> On 15.05.2014 23:03, Shaun Hurley wrote:
> > Julian,
> >
> > Please run freshclam again and scan the file. It should not be
> > alerting anymore.
> >
> > Thanks,
Julian,
Please run freshclam again and scan the file. It should not be alerting
anymore.
Thanks,
Shaun
On Thu, May 15, 2014 at 10:07 AM, Shaun Hurley wrote:
> Julian and Al,
>
> I thought this signature was removed on Tuesday. I think I found the
> problem and should have t
Julian and Al,
I thought this signature was removed on Tuesday. I think I found the
problem and should have this resolved later today.
Please let me know if you have any questions.
Thank you,
Shaun Hurley
Cisco Malware Researcher
On Thu, May 15, 2014 at 3:40 AM, Al Varnell wrote
074ddbb7a6
-Al-
--
Al Varnell
Mountain View, CA
-
Al,
Sorry, I didn't have the original email that was sent to the list. After
further analysis, I've modified the signature so that it shouldn't generate
as many false posi
ped out of the
daily.cvd.
Thank you,
Shaun Hurley
On Tue, May 13, 2014 at 4:12 AM, Steve Basford <
steveb_cla...@sanesecurity.com> wrote:
>
> On Tue, May 13, 2014 8:27 am, Julian Hansmann wrote:
>
> > Regardless of its content (even if it's empty) a mail which has