On Tue, 2006-02-28 at 07:42 +0200, Tomi Hakala wrote:
>
> I'm asking this because of I think that I'm seeing false positives
> with XF.Sic.L but I cannot be certain as I don't have any of those
> FP files available.
>
> What makes me think of false positive is that I am running Kaspersky
> and S
Trog wrote:
> It's unlikely to be a false positive. It's likely that the document has
> not been cleaned correctly, and some virus code remains; it's probably
> dormant however.
Kaspersky is usually very good spotting these, in this case it
didn't found anything though.
___
On Tue, 28 Feb 2006 00:16:47 -0500
BitFuzzy <[EMAIL PROTECTED]> wrote:
> I'm trying to add a couple of custom phishing signatures using .ndb
> files within clamav's database directory
>
> For testing purposes I've used a simple phrase "Dear Paypal Members" and
> created a hex key for it
>
> Em
Tomasz Kojm wrote:
Your signature will only match "Dear Paypal Members\n" (0a == new
line) and
not "Dear Paypal Members".
Thanks for the reply.
I knew that when I set it up. I figured if I can't get a simple word
match to work, trying to get complex with it wouldn't be much use.
But alas,
On Tue, 28 Feb 2006 09:15:23 -0500
BitFuzzy <[EMAIL PROTECTED]> wrote:
> Tomasz Kojm wrote:
>
> > Your signature will only match "Dear Paypal Members\n" (0a == new
> > line) and
> >
> >not "Dear Paypal Members".
> >
> Thanks for the reply.
>
> I knew that when I set it up. I figured if I can't
I decoded the hex string and it actually matches "Dear PayPal Member\n"
(PayPal instead of Paypal)
Yea, I caught that, it doesn't make any difference
___
http://lurker.clamav.net/list/clamav-users.html
BitFuzzy wrote:
I decoded the hex string and it actually matches "Dear PayPal Member\n"
(PayPal instead of Paypal)
Yea, I caught that, it doesn't make any difference
Hi,
In your first post you said you'd tried these:
Email.Phishing.Paypal.Test.0227001:0:*:446561722050617950616c204d656d62
On Tue, 28 Feb 2006 18:07:38 +
Steve Basford <[EMAIL PROTECTED]> wrote:
>
> BitFuzzy wrote:
> >
> >> I decoded the hex string and it actually matches "Dear PayPal Member\n"
> >> (PayPal instead of Paypal)
> >>
> > Yea, I caught that, it doesn't make any difference
>
> Hi,
>
> In your first
Tomasz Kojm wrote:
It's not worrying at all. It would be worrying if ClamAV was silently using
a broken signature somehow but it properly reports an error:
Thanks for confirming checking. Well, under cygwin, this is what it does:
C:\CLAMAV~1\bin>clamscan c:\samples
C:\CLAMAV~1\bin>
Tha
To the people who helped me in getting ClamAV upgraded on my system, listed
below are the modifications that needed to be done to get version 0.88 to
install
on the server in question. I appreciate the help that was given, and hopefully
this information will be useful to anyone who may be confront
- Original Message -
From: "Steve Basford" <[EMAIL PROTECTED]>
To: "ClamAV users ML"
Sent: Tuesday, February 28, 2006 1:07 PM
Subject: Re: [Fwd: Re: [Clamav-users] custom signatures not working]
> Some example sigs... Note the case of the text
>
> Sig eg 1:
>
>
Html.Phishing.Pay.Gen017.
On Tue, 28 Feb 2006 19:01:29 +
Steve Basford <[EMAIL PROTECTED]> wrote:
> Tomasz Kojm wrote:
> > It's not worrying at all. It would be worrying if ClamAV was silently
> > using a broken signature somehow but it properly reports an error:
> >
> >
> Thanks for confirming checking. Well, und
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Kaplan, Andrew H. wrote:
[snip]
> manager.c
>
> Modify the lines that read:
>
> switch(h_errno)
>
> To read the following:
>
> switch(errno)
It's not the same functionality. You bypassed the problem but the result will
not work as intended.
- -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tomasz Kojm wrote:
[snip]
> Cygwin compilations are known to be seriously broken.
Where does that information come from?
If it where broken, and for the record I get the same result as you did using
the latest Cygwin package of clamav, it should be r
14 matches
Mail list logo
