Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-06-03 Thread Jason J. W. Williams
That's unfortunate. Given the magnitude of the change I would've expected them to be very attentive to the list, post deployment. -J On Thu, Mar 17, 2016 at 1:23 PM, Al Varnell wrote: > No. I'm sure they are trying to recover from this week's activities and > rarely have time to follow this lis

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-05-19 Thread Helmut Hullen
Hello, Matus, you wrote on 19.05.16: >>> your clamav was built without pcre support. You have to compile a >>> new binary >> Sorry - no. Configuring with "--disable_pcre" doesn't change this >> behaviour. > of course DISABLING does NOT help, you need to ENABLE it. > the whole problem comes ou

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-05-19 Thread Matus UHLAR - fantomas
LibClamAV Warning: cli_loadldb: logical signature for Win.Trojan.ssid18332-1 uses PCREs but support is disabled, skipping LibClamAV Warning: cli_loadldb: logical signature for Win.Ransomware.Locky-4 uses PCREs but support is disabled, skipping LibClamAV Warning: cli_loadldb: logical signature for

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-05-19 Thread Helmut Hullen
Hello, Andreas, you wrote on 19.05.16: >> LibClamAV Warning: cli_loadldb: logical signature for >> Win.Trojan.ssid18332-1 uses PCREs but support is disabled, skipping >> LibClamAV Warning: cli_loadldb: logical signature for >> Win.Ransomware.Locky-4 uses PCREs but support is disabled, skipping

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-05-18 Thread Andreas Schulze
On 18.05.2016 at 06:27, Helmut Hullen wrote: > LibClamAV Warning: cli_loadldb: logical signature for Win.Trojan.ssid18332-1 > uses PCREs but support is disabled, skipping > LibClamAV Warning: cli_loadldb: logical signature for Win.Ransomware.Locky-4 > uses PCREs but support is disabled, skipping

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-05-17 Thread Helmut Hullen
Hello, Jason, you wrote on 17.05.16: >> You should see these lines within your debug output: >> >> ... >> LibClamAV debug: daily.ign2 loaded >> ... >> LibClamAV debug: /var/lib/clamav/daily.cld loaded >> ... >> LibClamAV debug: Ignoring signature Win.Trojan.Trojan-605 >> ... >> LibClamAV debug

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-05-17 Thread Jason J. W. Williams
Hi Dave, Thanks. I don't see any issues with it loading the daily.cld. I'm going to wipe it out and let Freshclam reload it and the ign. -J On Tue, May 17, 2016 at 2:02 PM, David Raynor wrote: > If you run clamscan with "--debug" it will tell you which files it is > loading, even the files ins

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-05-17 Thread David Raynor
If you run clamscan with "--debug" it will tell you which files it is loading, even the files inside a cvd or cld file. It will also remark about which signatures it skips when loading. You should see these lines within your debug output: ... LibClamAV debug: daily.ign2 loaded ... LibClamAV debug

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-05-17 Thread Jason J. W. Williams
Yessir: # sigtool -u /var/lib/clamav/daily.cld # grep -i 'Win.Trojan.Trojan-605' daily.ign main:42:Win.Trojan.Trojan-605 On Tue, May 17, 2016 at 1:25 PM, Alain Zidouemba wrote: > $ sigtool -u /usr/local/share/clamav/daily.cld > > $ grep -i 'Win.Trojan.Trojan-605' daily.ign > main:42:Win.Trojan

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-05-17 Thread Alain Zidouemba
$ sigtool -u /usr/local/share/clamav/daily.cld $ grep -i 'Win.Trojan.Trojan-605' daily.ign main:42:Win.Trojan.Trojan-605 Same on your end? - Alain On Tue, May 17, 2016 at 4:22 PM, Jason J. W. Williams < jasonjwwilli...@gmail.com> wrote: > We do. > > -J > > On Tue, May 17, 2016 at 1:13 PM, Ala

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-05-17 Thread Jason J. W. Williams
We do. -J On Tue, May 17, 2016 at 1:13 PM, Alain Zidouemba wrote: > Jason: > > Do you have all both main.cvd and daily.cvd? Win.Trojan.Trojan-605 was > dropped several weeks ago, but would only be reflected in your installation > if you have both main.cvd and daily.cvd. Please confirm. > > Than

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-05-17 Thread Alain Zidouemba
Jason: Do you have all both main.cvd and daily.cvd? Win.Trojan.Trojan-605 was dropped several weeks ago, but would only be reflected in your installation if you have both main.cvd and daily.cvd. Please confirm. Thanks, - Alain On Tue, May 17, 2016 at 4:11 PM, Jason J. W. Williams < jasonjwwil

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-05-17 Thread Jason J. W. Williams
No ClamAV 0.98.7. -J On Mon, May 16, 2016 at 11:25 PM, Al Varnell wrote: > I’m unable to replicate your findings: > > ~/Downloads/2016-05-16/eicar.txt: Eicar-Test-Signature FOUND > > Taking a look at the current daily.cld I see entries in both ignore > sections: > > daily.ign >

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-05-16 Thread Al Varnell
I’m unable to replicate your findings: ~/Downloads/2016-05-16/eicar.txt: Eicar-Test-Signature FOUND Taking a look at the current daily.cld I see entries in both ignore sections: daily.ign

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-05-16 Thread Jason J. W. Williams
Looks like EICAR is getting classified as Win.Trojan.Trojan-605 again (daily 21557). https://gist.github.com/williamsjj/b8104402e80f44475df5 -J On Wed, Mar 16, 2016 at 8:54 PM, Al Varnell wrote: > The new database was just made available, so I recommend you hold off > until you have the new ma

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-20 Thread Mark Allan
Just to confirm, I'm also seeing everything being flagged as Win.Trojan.Trojan-476 with the new main/daily.cvd files. Mark > On 17 Mar 2016, at 6:49 am, Al Varnell wrote: > > I just ran a scan against the ClamAV test files contained in the 0.99.1 > source file and I’m getting all Win.Trojan.T

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-19 Thread Al Varnell
The new database was just made available, so I recommend you hold off until you have the new mail.cvd v57 and daily.cvd v21466 before getting too excited about this. -Al- On Wed, Mar 16, 2016 at 08:49 PM, Jason J. W. Williams wrote: > > As of the latest daily update, running ClamAV against the

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-19 Thread Jason J. W. Williams
Does anyone that's chimed in work on the signatures team? -J On Thu, Mar 17, 2016 at 10:31 AM, Al Varnell wrote: > There have not been any additional updates released yet, so nothing could > have changed. > > -Al- > > On Thu, Mar 17, 2016 at 10:25 AM, Jason Williams wrote: > > > > Is anyone sti

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-19 Thread Al Varnell
No. I'm sure they are trying to recover from this week's activities and rarely have time to follow this list anyway. It would likely be Alain Zidouemba the sig team lead. To get feedback on FP's you would need to subscribe to the clamav-virusdb list and it often takes weeks under normal circum

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-19 Thread Dennis Peterson
sigtool --unpack=main.cvd rm -f main.cvd grep EICAR main.* main.hdb:44d88612fea8a8f36de82e1278abb02f:68:Win.Test.EICAR_HDB-1 main.hsb:275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f:68:Win.Test.EICAR_HSB-1 main.mdb:45056:3ea7d00dedd30bcdf46191358c36ffa4:Win.Test.EICAR_MDB-1 main

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-19 Thread Jason Williams
Is anyone still seeing this or have they fixed it? -J Sent via iPhone > On Mar 17, 2016, at 02:44, Mark Allan wrote: > > Just to confirm, I'm also seeing everything being flagged as > Win.Trojan.Trojan-476 with the new main/daily.cvd files. > > Mark > >> On 17 Mar 2016, at 6:49 am, Al Varne

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-19 Thread Al Varnell
Disregard, I found it here after they got the new main.cvd:

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-19 Thread Al Varnell
There have not been any additional updates released yet, so nothing could have changed. -Al- On Thu, Mar 17, 2016 at 10:25 AM, Jason Williams wrote: > > Is anyone still seeing this or have they fixed it? > > -J > > Sent via iPhone > >> On Mar 17, 2016, at 02:44, Mark Allan wrote: >> >> Jus

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-19 Thread Dennis Peterson
We're not yet sure if it's broken or a result of renaming signatures. dp On 3/17/16 10:25 AM, Jason Williams wrote: Is anyone still seeing this or have they fixed it? -J Sent via iPhone On Mar 17, 2016, at 02:44, Mark Allan wrote: Just to confirm, I'm also seeing everything being flagged

[clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-19 Thread Jason J. W. Williams
As of the latest daily update, running ClamAV against the EICAR test string reports Win.Trojan.Trojan-605 instead of Eicar-Test-Signature. -J ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/c

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-19 Thread Jason J. W. Williams
Thanks. Hopefully it'll sync up soon. I'm getting weird download errors out of freshclam: WARNING: getfile: Error while reading database from db.local.clamav.net (IP: 200.236.31.1): Operation now in progress WARNING: getpatch: Can't download daily-21465.cdiff from db.local.clamav.net nonblock_recv

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-19 Thread Al Varnell
I just ran a scan against the ClamAV test files contained in the 0.99.1 source file and I’m getting all Win.Trojan.Trojan-476: File Name Infection Name Status /Users/avarnell/Desktop/•Download/clamav-0.99.1/unit_tests/clam-phish-exe Win.Trojan.Trojan-476 /Users/avarnell/Desktop/•

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-19 Thread Jason J. W. Williams
Pulled down 21466 (and force restarted clamd) but it's still classifying EICAR as Win.Trojan.Trojan: https://gist.github.com/williamsjj/b8104402e80f44475df5 Databases are up to date now: main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer) Empty script daily-2146

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-19 Thread Jason Williams
Hey Al, I submitted a FP report with one attached. Just put the EICAR string into a txt file and that'll trigger it. -J Sent via iPhone > On Mar 16, 2016, at 22:16, Al Varnell wrote: > > I don’t know why sanesecurity-porcupine.ndb is causing this, but I can now > see that the signatures fo

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-18 Thread Jason J. W. Williams
Culprit seems to be sanesecurity-porcupine.ndb ( http://sanesecurity.com/usage/signatures/). Moving it out causes Win.Test.EICAR_NDB-1 FOUND to be found, moving it back in triggers the Win.Trojan.Trojan-605 FP. Since the Win.Trojan.Trojan sig isn't in the DB I'm not sure why that is. -J On Wed, M

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-18 Thread Jason J. W. Williams
Yeah, the sanesecurity sigs. Moving them out, causes Win.Test.EICAR_NDB-1 FOUND to be found. Which I assume is the new name. Not sure why the update is suddenly causing the SaneSecurity sigs to get checked first. I'll track it down. -J On Wed, Mar 16, 2016 at 9:32 PM, Al Varnell wrote: > I’m

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-18 Thread Al Varnell
I don’t know why sanesecurity-porcupine.ndb is causing this, but I can now see that the signatures for Win.Test.EICAR_LDB-1 and Win.Trojan.Trojan-605 are identical, so this is an FP situation which would be reported.

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-18 Thread Al Varnell
I’m still looking, but so far I can’t find any Win.Trojan.Trojan signatures in the ClamAV Official database or listed in clamav-virusdb e-mail list. Nor can I confirm your results using my own EICAR. Are you using any Unofficial signatures from a different source? -Al- On Wed, Mar 16, 2016 a

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-18 Thread Dennis Peterson
Sorry - didn't intend to send this to the list. On 3/17/16 12:02 AM, Dennis Peterson wrote: sigtool --unpack=main.cvd rm -f main.cvd grep EICAR main.* main.hdb:44d88612fea8a8f36de82e1278abb02f:68:Win.Test.EICAR_HDB-1 main.hsb:275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f:68:

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-18 Thread Al Varnell
Those are normal messages for an update of this kind. The 21465.cdiff was purposely blank in order to force you to download the entire daily.cvd. Give it plenty of time as the main.cvd is 109MB. Technical details: -

[clamav-users] eicar test virus logged twice during daily scan

2015-10-15 Thread c chupela
Centos 6.6, clam av 0.98.7 I have a cron job setup to do a daily scan, and as a test for developing an alerting mechanism/parsing of logfile, I placed the eicar test signature in /tmp. The scan runs and identifies the file correctly, but it logs it twice as evidenced below: Is there something

Re: [Clamav-users] Eicar test files passed as OK :o(

2008-07-06 Thread Matus UHLAR - fantomas
On 07.07.08 08:23, David Berlioz wrote: > got the same install problem switching from "debian" to "debian volatile" > > uninstall libclamav2 clamav ... > > reinstall clamav clamav-daemon => libclamav4 I am using volatile for a very long time (I think since it exists) and never had this kind of pr

Re: [Clamav-users] Eicar test files passed as OK :o(

2008-07-06 Thread David Berlioz
MARY --- Known viruses: 343332 Engine version: 0.93.1 Scanned directories: 2 Scanned files: 7 Infected files: 6 Data scanned: 0.00 MB Time: 13.907 sec (0 m 13 s) Many thanks again. Ken --- On Sun, 6/7/08, Brandon Perry <[EMAIL PROTECTED]> wrote: From: Brandon Perry <

[Clamav-users] Eicar test files passed as OK :o(

2008-07-06 Thread Mr Smiley
On Sun, 6/7/08, Brandon Perry <[EMAIL PROTECTED]> wrote: > From: Brandon Perry <[EMAIL PROTECTED]> > Subject: Re: [Clamav-users] Eicar test files passed as OK :o( > To: "ClamAV users ML" > Date: Sunday, 6 July, 2008, 3:49 AM > There must be something wrong with y

Re: [Clamav-users] Eicar test files passed as OK :o(

2008-07-06 Thread Stephen Gran
On Sat, Jul 05, 2008 at 07:36:18PM -0700, Mr Smiley said: > Hi all, > > I'm running clamscan on Debian Linux, using ver 0.93 with latest definitions. > > debian-Lappy:/home/mrsmiley/ClamAV_Rar_Test_File# clamscan * > LibClamAV Warning: RAR code not compiled-in > clam.rar: OK > eicar.com: OK > eic

Re: [Clamav-users] Eicar test files passed as OK :o(

2008-07-05 Thread Brandon Perry
There must be something wrong with your installation... Running clamscan (0.93.1) on the EICAR files: VolatileMinds:~# clamscan -i ./ ./eicar_com.zip: Eicar-Test-Signature FOUND ./eicarcom2.zip: Eicar-Test-Signature FOUND ./eicar.com: Eicar-Test-Signature FOUND ./eicar.com.txt: Eicar-Test-Signatur

[Clamav-users] Eicar test files passed as OK :o(

2008-07-05 Thread Mr Smiley
Hi all, I'm running clamscan on Debian Linux, using ver 0.93 with latest definitions. I was scanning a mounted windows partition using clamscan -i -r /mnt/Windows and came across the LibClamAV Warning: RAR code not compiled-in So I added --unrar=/usr/bin/unrar clamscan -i -r --unrar=/usr/bi

Re: [Clamav-users] EICAR Test pattern missing from DB?

2005-02-27 Thread Brian Morrison
On Sun, 27 Feb 2005 10:51:46 -0500 (EST) in [EMAIL PROTECTED] Rob Mangiafico <[EMAIL PROTECTED]> wrote: > > It may be that something in the db requires 0.83, but I do remember > > something being mentioned about the EICAR test signature and > > clamdwatch on this list, have you looked at the ar

Re: [Clamav-users] EICAR Test pattern missing from DB?

2005-02-27 Thread Rob Mangiafico
> > > The lack of digital signature support is a bad thing as well, I'm > > > not certain but I suspect that ClamAV may find it rather hard to > > > check the integrity of virus databases that freshclam retrieves. > > > And you're 3 versions behind the recommended version. > > > > Although I

Re: [Clamav-users] EICAR Test pattern missing from DB?

2005-02-27 Thread Tomasz Kojm
On Sun, 27 Feb 2005 10:38:35 -0500 (EST) Rob Mangiafico <[EMAIL PROTECTED]> wrote: > database, as no scripts changed on the server. We're working on > upgrading, but any other ideas as to what would cause this suddenly > would be appreciated. Quoting the README file of 0.81 (released on Jan 26)

Re: [Clamav-users] EICAR Test pattern missing from DB?

2005-02-27 Thread Brian Morrison
On Sun, 27 Feb 2005 10:38:35 -0500 (EST) in [EMAIL PROTECTED] Rob Mangiafico <[EMAIL PROTECTED]> wrote: > > The lack of digital signature support is a bad thing as well, I'm > > not certain but I suspect that ClamAV may find it rather hard to > > check the integrity of virus databases that fres

Re: [Clamav-users] EICAR Test pattern missing from DB?

2005-02-27 Thread Rob Mangiafico
On Sun, 27 Feb 2005, Brian Morrison wrote: > > All of our servers that are running clamdwatch.pl that tests to make > > sure clamd is running have been outputting: > > > > Clamd didn't find the EICAR pattern. Your virus database(s) could be > > borked! > > > > I ran freshclam manually and it

Re: [Clamav-users] EICAR Test pattern missing from DB?

2005-02-27 Thread Brian Morrison
On Sun, 27 Feb 2005 10:22:45 -0500 (EST) in [EMAIL PROTECTED] Rob Mangiafico <[EMAIL PROTECTED]> wrote: > All of our servers that are running clamdwatch.pl that tests to make > sure clamd is running have been outputting: > > Clamd didn't find the EICAR pattern. Your virus database(s) could be >

[Clamav-users] EICAR Test pattern missing from DB?

2005-02-27 Thread Rob Mangiafico
All of our servers that are running clamdwatch.pl that tests to make sure clamd is running have been outputting: Clamd didn't find the EICAR pattern. Your virus database(s) could be borked! I ran freshclam manually and it says the db's are up to date: --- ClamAV update process started at Sun Fe

Re: [Clamav-users] EICAR Test File

2004-09-02 Thread Timo Schöler
fyi, my mailserver discarded another 7 messages since 8:50am: dreyfus: {13} sudo cat /var/log/maillog | grep -c discard 7 dreyfus: {14} annoying... Hello Damian Menscher, Uh oh could one of the list moderators unsubscribe this idiot? He's responding to his own posts, and infinite loops on ma

Re: [Clamav-users] EICAR Test File

2004-09-02 Thread Timo Schöler
i just added '[EMAIL PROTECTED]' to my list of blocked spammers :) Since he doesn't seem to mind responding to his own mail, I spoofed a mail from [EMAIL PROTECTED] to [EMAIL PROTECTED] in hopes of melting his server. Unfortunately it doesn't seem to have worked. Maybe if we each email him a 10

Re: [Clamav-users] EICAR Test File

2004-09-02 Thread Luca Gibelli
Hello Damian Menscher, > Uh oh could one of the list moderators unsubscribe this idiot? He's > responding to his own posts, and infinite loops on mailing lists are > bad. done. Best regards -- Luca Gibelli ([EMAIL PROTECTED]) - http://www.ClamAV.net - A GPL virus scanner PGP Key Finger

Re: [Clamav-users] EICAR Test File

2004-09-02 Thread Jorge Danussi
ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/02/04 03:22 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/02/04 02:44 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/02/04 01:45 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 23:59 >>> ARRIVED OK.

Re:[Clamav-users] EICAR Test File

2004-09-02 Thread Jorge Danussi
ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/02/04 03:12 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/02/04 02:32 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/02/04 00:36 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 23:41 >>> ARRIVED OK.

Re: [Clamav-users] EICAR Test File

2004-09-02 Thread Jorge Danussi
ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/02/04 03:14 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/02/04 02:32 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/02/04 00:46 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 23:37 >>> ARRIVED OK.

Re: [Clamav-users] EICAR Test File

2004-09-02 Thread Damian Menscher
On Thu, 2 Sep 2004, Timo Schöler wrote: > i just added '[EMAIL PROTECTED]' to my list of blocked spammers :) Since he doesn't seem to mind responding to his own mail, I spoofed a mail from [EMAIL PROTECTED] to [EMAIL PROTECTED] in hopes of melting his server. Unfortunately it doesn't seem to hav

Re: [Clamav-users] EICAR Test File

2004-09-02 Thread Timo Schöler
hi list, i just added '[EMAIL PROTECTED]' to my list of blocked spammers :) any message from her/him will be silently deleted; it will not be rejected (for god's sake). ARRIVED OK. Jorge Danussi "[EMAIL PROTECTED]" 09/02/04 02:32 >>> ARRIVED OK. Jorge Danussi "[EMAIL PROTECTED]" 09/02/04 00:46 >>

Re: [Clamav-users] EICAR Test File

2004-09-02 Thread Jorge Danussi
ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/02/04 02:47 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/02/04 01:28 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 23:55 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 23:13 >>> ARRIVED OK.

Re:[Clamav-users] EICAR Test File

2004-09-02 Thread Jorge Danussi
ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/02/04 02:44 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/02/04 01:37 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 23:52 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 23:10 >>> ARRIVED OK.

Re: [Clamav-users] EICAR Test File

2004-09-02 Thread Jorge Danussi
ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/02/04 02:44 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/02/04 01:45 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 23:59 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 23:14 >>> ARRIVED OK.

Re:[Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/02/04 02:32 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/02/04 00:36 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 23:41 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 22:52 >>> ARRIVED OK.

Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/02/04 02:32 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/02/04 00:46 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 23:37 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 22:48 >>> ARRIVED OK.

Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/02/04 01:28 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 23:55 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 23:13 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 21:32 >>> ARRIVED OK.

Re:[Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/02/04 01:37 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 23:52 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 23:10 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 21:22 >>> Uh oh c

Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/02/04 01:45 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 23:59 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 23:14 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 21:31 >>> ARRIVED OK.

Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/02/04 00:46 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 23:37 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 22:48 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 21:13 >>> ARRIVED OK.

Re:[Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/02/04 00:36 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 23:41 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 22:52 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 21:17 >>> ARRIVED OK.

Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 23:59 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 23:14 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 21:31 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 20:54 >>> On Wed, 1 S

Re:[Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 23:52 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 23:10 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 21:22 >>> Uh oh could one of the list moderators unsubscribe this idiot? He's responding

Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 23:55 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 23:13 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 21:32 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 20:54 >>> ARRIVED OK.

Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 23:37 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 22:48 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 21:13 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 20:36 >>> On Wed, 1 S

Re:[Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 23:41 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 22:52 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 21:17 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 20:45 >>> ARRIVED OK.

Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 23:14 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 21:31 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 20:54 >>> On Wed, 1 Sep 2004 22:01:48 + (GMT) Andy Fiddaman <[EMAIL PROTECTED]> wrote: >

Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 23:13 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 21:32 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 20:54 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 20:07 >>> On Wed, 1 S

Re:[Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 23:10 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 21:22 >>> Uh oh could one of the list moderators unsubscribe this idiot? He's responding to his own posts, and infinite loops on mailing lists are bad. Damian

Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 22:48 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 21:13 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 20:36 >>> On Wed, 1 Sep 2004 22:01:48 + (GMT) Andy Fiddaman <[EMAIL PROTECTED]> wrote: >

Re:[Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 22:52 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 21:17 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 20:45 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 19:01 >>> I've been

Re:[Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 21:22 >>> Uh oh could one of the list moderators unsubscribe this idiot? He's responding to his own posts, and infinite loops on mailing lists are bad. Damian On Wed, 1 Sep 2004, Jorge Danussi wrote: > ARRIVED OK. > > Jorge Danu

Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 21:32 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 20:54 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 20:07 >>> On Wed, 1 Sep 2004, Andy Fiddaman wrote: > I've been re-running some tests on an E

Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 21:31 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 20:54 >>> On Wed, 1 Sep 2004 22:01:48 + (GMT) Andy Fiddaman <[EMAIL PROTECTED]> wrote: > > I've been re-running some tests on an EICAR file here with mixed > r

Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 21:13 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 20:36 >>> On Wed, 1 Sep 2004 22:01:48 + (GMT) Andy Fiddaman <[EMAIL PROTECTED]> wrote: > "The first 68 characters is the known string. It may be optionally > ap

Re:[Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 21:17 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 20:45 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 19:01 >>> I've been re-running some tests on an EICAR file here with mixed results. Accordi

Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 20:54 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 20:07 >>> On Wed, 1 Sep 2004, Andy Fiddaman wrote: > I've been re-running some tests on an EICAR file here with mixed results. > > According to the eicar web page:

Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 20:54 >>> On Wed, 1 Sep 2004 22:01:48 + (GMT) Andy Fiddaman <[EMAIL PROTECTED]> wrote: > > I've been re-running some tests on an EICAR file here with mixed > results. > > According to the eicar web page: > > "The first 68 charact

Re:[Clamav-users] EICAR Test File

2004-09-01 Thread Damian Menscher
Uh oh could one of the list moderators unsubscribe this idiot? He's responding to his own posts, and infinite loops on mailing lists are bad. Damian On Wed, 1 Sep 2004, Jorge Danussi wrote: > ARRIVED OK. > > Jorge Danussi > > >>> "[EMAIL PROTECTED]" 09/01/04 20:45 >>> > > ARRIVED OK. > > J

Re:[Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 20:45 >>> ARRIVED OK. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 19:01 >>> I've been re-running some tests on an EICAR file here with mixed results. According to the eicar web page: "The first 68 characters is the known string.

Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED FINE. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 20:36 >>> On Wed, 1 Sep 2004 22:01:48 + (GMT) Andy Fiddaman <[EMAIL PROTECTED]> wrote: > "The first 68 characters is the known string. It may be optionally > appended by any combination of whitespace characters with the total > file

Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED FINE. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 20:07 >>> On Wed, 1 Sep 2004, Andy Fiddaman wrote: > I've been re-running some tests on an EICAR file here with mixed results. > > According to the eicar web page: > > "The first 68 characters is the known string. It may be optionally >

Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Tomasz Kojm
On Wed, 1 Sep 2004 22:01:48 + (GMT) Andy Fiddaman <[EMAIL PROTECTED]> wrote: > > I've been re-running some tests on an EICAR file here with mixed > results. > > According to the eicar web page: > > "The first 68 characters is the known string. It may be optionally > appended by any combinat

Re:[Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED FINE. Jorge Danussi >>> "[EMAIL PROTECTED]" 09/01/04 19:01 >>> I've been re-running some tests on an EICAR file here with mixed results. According to the eicar web page: "The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characte

Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Tomasz Kojm
On Wed, 1 Sep 2004 22:01:48 + (GMT) Andy Fiddaman <[EMAIL PROTECTED]> wrote: > "The first 68 characters is the known string. It may be optionally > appended by any combination of whitespace characters with the total > file length not exceeding 128 characters." > > If I scan the minimal 68-byt

Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Damian Menscher
On Wed, 1 Sep 2004, Andy Fiddaman wrote: > I've been re-running some tests on an EICAR file here with mixed results. > > According to the eicar web page: > > "The first 68 characters is the known string. It may be optionally > appended by any combination of whitespace characters with the total fil

[Clamav-users] EICAR Test File

2004-09-01 Thread Andy Fiddaman
I've been re-running some tests on an EICAR file here with mixed results. According to the eicar web page: "The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters." If I scan

Re: [Clamav-users] Eicar test

2004-04-14 Thread Bill Randle
On Wed, 2004-04-14 at 04:15, Mike van Vugt wrote: > Hi, > > Downloaded the test but my provider does not allow me to send that > file... I get back a mail telling me the virus is removed and that I am > not allowed to send viruses ;-))) That's a good thing that your provider is providing viru

[Clamav-users] Eicar test

2004-04-14 Thread Mike van Vugt
Hi, Downloaded the test but my provider does not allow me to send that file... I get back a mail telling me the virus is removed and that I am not allowed to send viruses ;-))) Regards, -- - Mike van Vugt - ICQ: 291077353 - - Mail: [EMAIL PROTECTED]

Re: [Clamav-users] eicar test

2004-02-06 Thread Nigel Horne
On Friday 06 Feb 2004 2:42 pm, Krištof Petr wrote: > None of test # 1 - 15 goes through. All was stopped. > clamd 20040206 + clamav-milter version 0.66k Phew, you had me worried for a bit! > Nigel, thank you. You're welcome. > Petr -Nigel -- Nigel Horne. Arranger, Composer, Typesetter. NJH

Re: [Clamav-users] eicar test

2004-02-06 Thread Krištof Petr
Nigel Horne wrote: On Friday 06 Feb 2004 12:54 pm, Krištof Petr wrote: Test #5: Eicar virus sent using BinHex encoding Test #8: Eicar virus sent using BinHex encoding within a MIME segment Running : clamd 20040204 + clamav-milter version 0.66k Please update to a more recent version and re

Re: [Clamav-users] eicar test

2004-02-06 Thread Kristof Hardy
Recently I read somewhere (this list?) about a website that can send eicar tests in different formats to an email address. www.testvirus.org. Tried it too.. Tests 7 and 10 pass through. (but they are caught by our extension filter) The additional tests that fail are: #17 Outlook 'Space Gap' vuln

Re: [Clamav-users] eicar test

2004-02-06 Thread Nigel Horne
On Friday 06 Feb 2004 12:54 pm, Krištof Petr wrote: > Test #5: Eicar virus sent using BinHex encoding > Test #8: Eicar virus sent using BinHex encoding within a MIME segment > > Running : > clamd 20040204 + clamav-milter version 0.66k Please update to a more recent version and retry. As has been

Re: [Clamav-users] eicar test

2004-02-06 Thread Krištof Petr
Edmund wrote: Hi, Recently I read somewhere (this list?) about a website that can send eicar tests in different formats to an email address. www.testvirus.org. I did all 22 tests (16-22 were Outlook vulnerabilities which I also have an interest in filtering, but it's quite OT here) and out of the
