Re: [clamav-users] Virus Signature Submitted on 17/10/2016

2016-11-07 Thread bitfuzzy
Actually it appears that only "part" of AVG detects it. Virustotal indicates that AVG cleared the file as being "clean" however the second site (garyshood.com) seemed to use AVG "command line" Given the reputation of some of the scanners referenced by Virustotal, not to mention the sheer numb

Re: [clamav-users] Virus Signature Submitted on 17/10/2016

2016-11-07 Thread Al Varnell
So it seems to me if only one scanner detects this “test” file then it’s far from being the universal industry standard test file that EICAR is. Maybe I’m missing something, but your penetration testers would appear to be a fraud or shill for AVG or both? I’m not sure why the Cisco/ClamAV folk

Re: [clamav-users] Virus Signature Submitted on 17/10/2016

2016-11-07 Thread Richard McCombie
Thanks Al. virustotal.com doesn't show any problems with the file, but a site called Gary's Hood does: https://www.virustotal.com/en/file/14b2420f7490e612b9f0c65af180268b2ad41c3ec209b42f4d085aacb8ef973f/analysis/1478535605/ http://www.garyshood.com/virus/results.php?r=13710b10bf25b727cbf32c29d9b

Re: [clamav-users] Virus Signature Submitted on 17/10/2016

2016-11-07 Thread Al Varnell
Try uploading it to and give us the link to the analysis page. I don’t find that anything with that MD5 has been uploaded. -Al- On Mon, Nov 07, 2016 at 07:25 AM, Richard McCombie wrote: > > I uploaded a small ASCII-format file, which, like the EICAR test file, is

Re: [clamav-users] Virus Signature Submitted on 17/10/2016

2016-11-07 Thread Richard McCombie
I uploaded a small ASCII-format file, which, like the EICAR test file, is supposed to trigger a warning from AV software. I'd be happy to email this to the appropriate address, but I won't do that until someone can confirm which address I can use without breaking any rules. Thank you for your help

Re: [clamav-users] Virus Signature Submitted on 17/10/2016

2016-11-07 Thread Al Varnell
I’m a bit confused by this. Did you send a virus signature or did you upload malware? Those are not at all the same thing. -Al- On Mon, Nov 07, 2016 at 06:05 AM, Richard McCombie wrote: > > Thanks Joel. > > I have subscribed to community-sigs; the welcome message informs me that > virus sample

Re: [clamav-users] Virus Signature Submitted on 17/10/2016

2016-11-07 Thread Richard McCombie
Thanks Joel. I have subscribed to community-sigs; the welcome message informs me that virus samples are not to be sent to the list: Welcome to the community-s...@lists.clamav.net mailing list! DO NOT SEND VIRUS SAMPLES HERE!!! Send them through our web interface at http://www.clamav.net/sendvirus

Re: [clamav-users] Virus Signature Submitted on 17/10/2016

2016-11-07 Thread Joel Esler (jesler)
The processing that comes in through the website is largely automated. Submitting signatures should be done through the community-sigs list, until we make a submission method through the website. Sent from my iPad > On Nov 7, 2016, at 6:45 AM, Richard McCombie > wrote: > > Good morning, >

[clamav-users] Virus Signature Submitted on 17/10/2016

2016-11-07 Thread Richard McCombie
Good morning, I submitted a virus signature (at http://www.clamav.net/reports/malware) on 17th October. I used the name Richard McCombie for this. It would be great if you could incorporate this virus sample into your database of virus signatures. I am working on helping a client pass their p

Re: [clamav-users] Virus Signature queries

2011-12-05 Thread Al Varnell
On 12/4/11 2:46 PM, "pritha srivastava" wrote: > 1. What do you mean by static malware. Why is MD5 based signature matching > suitable for static malware? > Static malware is not likely to change over time, so hash signatures don't have to be constantly updated. More and more, we are seeing malw

[clamav-users] Virus Signature queries

2011-12-04 Thread pritha srivastava
1. What do you mean by static malware. Why is MD5 based signature matching suitable for static malware? 2. What do you mean by a pre processed file? Why cant we use hash based signature matching that undergoes pre-processing? 3. In the scan summary, the data scanned is lesser than the data read.

Re: [Clamav-users] Virus Signature

2005-07-12 Thread Olivier Nicole
>Is Worm.Zafi.D signature is not the same like eicar ??? Eicar is a 69 characters strings that has the word eicar in it. So it is nott the same. Olivier ___ http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Virus Signature

2005-07-12 Thread Damian Menscher
On Tue, 12 Jul 2005 [EMAIL PROTECTED] wrote: I'm searching Worm.Zafi.D virus signature at http://clamav-du.securesites.net/cgi-bin/clamgrok and the result is : 3cd737e20dbe4c89e12971cabe630cbfa20bbb20b55db63445b2b80a2009c8f0b6a0939053458122fb228252a38d14a1920a4155231dc4ef0f64308d6a19e82f0310e7f

[Clamav-users] Virus Signature

2005-07-12 Thread christopher
Please forgive me if this is a stupid question. I'm searching Worm.Zafi.D virus signature at http://clamav-du.securesites.net/cgi-bin/clamgrok and the result is : 3cd737e20dbe4c89e12971cabe630cbfa20bbb20b55db63445b2b80a2009c8f0b6a0939053458122fb228252a38d14a1920a4155231dc4ef0f64308d6a19e82f0310e7

[Clamav-users] virus signature length

2005-02-10 Thread Joanna Roman
What is the average virus signature length these days ? __ Do you Yahoo!? Yahoo! Mail - You care about security. So do we. http://promotions.yahoo.com/new_mail ___ http://lists.clamav.net/cgi-

Re: [Clamav-users] Virus Signature

2005-01-23 Thread Tomasz Kojm
On Sun, 23 Jan 2005 15:34:13 +0330 "hamid touzandejani" <[EMAIL PROTECTED]> wrote: > Hello > how can i create virus signature from infected file with virus? Analyse the virus and create a signature. If it's a real virus (and not a static malware) your chances for creating good sig are rather smal

[Clamav-users] Virus Signature

2005-01-23 Thread hamid touzandejani
Hello how can i create virus signature from infected file with virus? ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] virus signature version

2005-01-14 Thread Chris Masters
Yes - the db version. Many thanks! --- Tomasz Papszun <[EMAIL PROTECTED]> wrote: > On Wed, 12 Jan 2005 at 7:37:00 -0800, Chris Masters > wrote: > > Is there an easy way to retreive the virus > signature > > version from clam other than calling cl_retver()? > > > > Do you mean the database ver

Re: [Clamav-users] virus signature version

2005-01-12 Thread Tomasz Papszun
On Wed, 12 Jan 2005 at 7:37:00 -0800, Chris Masters wrote: > Is there an easy way to retreive the virus signature > version from clam other than calling cl_retver()? > Do you mean the database version? sigtool -i /path/to/daily.cvd 2>&1 | grep Version Or read the third field in a .cvd file (":

[Clamav-users] virus signature version

2005-01-12 Thread Chris Masters
Is there an easy way to retreive the virus signature version from clam other than calling cl_retver()? Thanks, Chris __ Do you Yahoo!? Yahoo! Mail - Helps protect you from nasty viruses. http://promotions.yahoo.com/new_mail ___