Re: [clamav-users] FP?

2012-10-17 Thread Gene Heskett
On Wednesday 17 October 2012 03:08:07 Al Varnell did opine: > Gene, > > Note that the ClamAV folks do not accept the premise of a PUA being an > FP. > > If you go to the FP submission page you will read: > > "Please do not report false positives for PUA.* signatures because they > are automatic

[clamav-users] (no subject)

2012-10-17 Thread Steffen Ewert
Hi, with the newest DB (updated 4 hours ago) I get the following virus detection: /share/c-on/download/Netzwerk/WebTools/DokuWiki/dokuwiki-2011-05-25a.tgz: PHP.Exploit.CVE_2011_4153-2 FOUND /share/c-on/download/Netzwerk/WebTools/DokuWiki/dokuwiki-2009-12-25c.tgz: PHP.Exploit.CVE_2011_4153-2 FOUN

Re: [clamav-users] (no subject)

2012-10-17 Thread Al Varnell
I sent a note out on this yesterday with reference to most Mac OS X users who have /usr/php/install-pear-nozlib.phar on their hard drives, having already submitted the file as an FP. Since then there have been a couple of other Unix users report similar results and a promise to get back to us, but

Re: [clamav-users] FP?

2012-10-17 Thread Al Varnell
On 10/17/12 12:09 AM, "Gene Heskett" wrote: > On Wednesday 17 October 2012 03:08:07 Al Varnell did opine: > >> Gene, >> >> Note that the ClamAV folks do not accept the premise of a PUA being an >> FP. >> >> If you go to the FP submission page you will read: >> >> "Please do not report false p

Re: [clamav-users] (no subject)

2012-10-17 Thread Steffen Ewert
Found your message. Thanks Al! (and sorry for my forgotten subject ... :-( ) Steffen > I sent a note out on this yesterday with reference to most Mac OS X users > who have /usr/php/install-pear-nozlib.phar on their hard drives, having > already submitted the file as an FP. Since then there hav

[clamav-users] FYI: Mac OS X Users & PHP.Exploit.CVE_2011_4153-2

2012-10-17 Thread Maxim Dolgikh
Hello, I'm seeing the same issue on a bunch of Linux servers (centos5, ubuntu-10.04). For example, it found PHP.Exploit.CVE_2011_4153-2 in the freepbx tar.gz archive http://mirror.freepbx.org/freepbx-2.8.0.tar.gz but if I untar the tar.gz and scan the content of the archive it cannot find anything. Thank you

Re: [clamav-users] FYI: Mac OS X Users & PHP.Exploit.CVE_2011_4153-2

2012-10-17 Thread Alain Zidouemba
The signature has been updated this morning to: PHP.Exploit.CVE_2011_4153-2:0:*:3c3f{-512}646566696e6528{-20}7374725f72657065617428{-20}2461726776 Please update your signatures to Daily CVD 15471 or later. Thanks, - Alain

Re: [clamav-users] (no subject)

2012-10-17 Thread Alain Zidouemba
The signature has been updated this morning to: PHP.Exploit.CVE_2011_4153-2:0:*:3c3f{-512}646566696e6528{-20}7374725f72657065617428{-20}2461726776 Please update your signatures to Daily CVD 15471 or later. Thanks, - Alain

Re: [clamav-users] Virus in archive

2012-10-17 Thread Alain Zidouemba
The signature has been updated this morning to: PHP.Exploit.CVE_2011_4153-2:0:*:3c3f{-512}646566696e6528{-20}7374725f72657065617428{-20}2461726776 Please update your signatures to Daily CVD 15471 or later. Thanks, - Alain

Re: [clamav-users] FP?

2012-10-17 Thread Gene Heskett
On Wednesday 17 October 2012 09:36:40 Al Varnell did opine: > On 10/17/12 12:09 AM, "Gene Heskett" wrote: > > On Wednesday 17 October 2012 03:08:07 Al Varnell did opine: > >> Gene, > >> > >> Note that the ClamAV folks do not accept the premise of a PUA being > >> an FP. > >> > >> If you go to t

Re: [clamav-users] FP?

2012-10-17 Thread Gene Heskett
On Wednesday 17 October 2012 10:10:59 Al Varnell did opine: > On 10/17/12 12:09 AM, "Gene Heskett" wrote: > > On Wednesday 17 October 2012 03:08:07 Al Varnell did opine: > >> Gene, > >> > >> Note that the ClamAV folks do not accept the premise of a PUA being > >> an FP. > >> > >> If you go to t

Re: [clamav-users] FP?

2012-10-17 Thread Alain Zidouemba
Gene, Signatures for Potentially Unwanted Applications or "PUA" are turned off by default and have to be explicitly turned on. You can safely keep them turned off if they don't work for your environment and your scanning needs. You can also ignore any signature locally by just adding the signatur

Re: [clamav-users] FP?

2012-10-17 Thread Gene Heskett
On Wednesday 17 October 2012 12:06:36 Alain Zidouemba did opine: > Gene, > > Signatures for Potentially Unwanted Applications or "PUA" So that is what that stands for! It is flat out undefined in the site's doc.pdf. Like I said in a previous msg, that .pdf needs translated to plain English.

Re: [clamav-users] FP?

2012-10-17 Thread Chuck Swiger
Hi-- On Oct 17, 2012, at 9:16 AM, Gene Heskett wrote: [ ... ] >> are turned off by default and have to be explicitly turned on. > > My crontab's invocation had --detect-pua, with no following argument, so > apparently it defaults to on in those circumstances. Some decades ago Unix folks standa

Re: [clamav-users] FP?

2012-10-17 Thread Al Varnell
On 10/17/12 9:16 AM, "Gene Heskett" wrote: > On Wednesday 17 October 2012 12:06:36 Alain Zidouemba did opine: > >> Gene, >> >> Signatures for Potentially Unwanted Applications or "PUA" > > So that is what that stands for! It is flat out undefined in the sites > doc.pdf. Like I said in a prev

Re: [clamav-users] FP?

2012-10-17 Thread Gene Heskett
On Wednesday 17 October 2012 14:36:25 Chuck Swiger did opine: > Hi-- > > On Oct 17, 2012, at 9:16 AM, Gene Heskett wrote: > [ ... ] > > >> are turned off by default and have to be explicitly turned on. > > > > My crontab's invocation had --detect-pua, with no following argument, > > so apparent

Re: [clamav-users] FP?

2012-10-17 Thread Chuck Swiger
On Oct 17, 2012, at 11:42 AM, Gene Heskett wrote: > No, WRONG context. I am explicitly turning it off. Whether that is the > same as removing it from the launching cli, I haven't tested. But I > suspect that if I removed --detect-pua, it would still default to on. > Correct? Nope. This is w

Re: [clamav-users] FP?

2012-10-17 Thread Gene Heskett
On Wednesday 17 October 2012 14:56:49 Chuck Swiger did opine: > On Oct 17, 2012, at 11:42 AM, Gene Heskett wrote: > > No, WRONG context. I am explicitly turning it off. Whether that is > > the same as removing it from the launching cli, I haven't tested. > > But I suspect that if I removed --det

Re: [clamav-users] FP?

2012-10-17 Thread Chuck Swiger
Hi-- On Oct 17, 2012, at 11:58 AM, Gene Heskett wrote: >> --detect-pua[=yes/no(*)] >> Detect Possibly Unwanted Applications > > Then we have a bug. :( from the run just completed, --detect-pua=no was > ignored, it still found them all. That IMO is a bug. I'll remove it for

Re: [clamav-users] FP?

2012-10-17 Thread Gene Heskett
On Wednesday 17 October 2012 15:40:22 Chuck Swiger did opine: > Hi-- > > On Oct 17, 2012, at 11:58 AM, Gene Heskett wrote: > >> --detect-pua[=yes/no(*)] > >> > >> Detect Possibly Unwanted Applications > > > > Then we have a bug. :( from the run just completed, --detect-