Re: [clamav-users] PLEASE REMOVE

2014-09-03 Thread Paul Smith
On 03/09/2014 01:38, YSPSC IT wrote: There's no unsubscribe there... Please just do it, Al. Al isn't a list administrator, just someone who understands how things work, so he can't remove you from the list, but he's told you what to do - it takes about 10 seconds (if that). Go to http://li

[clamav-users] False positive for sure

2014-09-03 Thread Gene Heskett
Greetings; This report from last night's clamscan is absolutely a false positive: /home/gene/Downloads/Download/DriveWire4_linux_i386.tar.gz: PUA.Misc.DoubleExtension-zippwd-3 FOUND Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Ple

Re: [clamav-users] False positive for sure

2014-09-03 Thread Joel Esler (jesler)
That's a PUA alert. That's not on by default. -- Joel Esler Sent from my iPhone > On Sep 3, 2014, at 6:40, "Gene Heskett" wrote: > > Greetings; > > This report from last night's clamscan is absolutely a false positive: > /home/gene/Downloads/Download/DriveWire4_linux_i386.tar.gz: > PUA.Mis

Re: [clamav-users] False positive for sure

2014-09-03 Thread Gene Heskett
On Wednesday 03 September 2014 06:51:45 Joel Esler (jesler) did opine And Gene did reply: > That's a PUA alert. That's not on by default. Ok, I'll byte, what's a PUA? > > -- > Joel Esler > Sent from my iPhone > > > On Sep 3, 2014, at 6:40, "Gene Heskett" wrote: > > > > Greetings; > > > > Th

Re: [clamav-users] False positive for sure

2014-09-03 Thread Matus UHLAR - fantomas
On 03.09.14 10:51, Joel Esler (jesler) wrote: That's a PUA alert. That's not on by default. well, if it's THE .tar.gz that caused the PUA alert, it apparently should be ignored. On Sep 3, 2014, at 6:40, "Gene Heskett" wrote: This report from last night's clamscan is absolutely a false posit

Re: [clamav-users] False positive for sure

2014-09-03 Thread Steve Basford
On Wed, September 3, 2014 11:56 am, Gene Heskett wrote: > Ok, I'll byte, what's a PUA? Here's a good description... Q. What is a Potentially Unwanted Application (PUA)? A. The Sophos definition of a PUA is (quote) "a term used to describe an application that is not inherently malicious, but is g

Re: [clamav-users] False positive for sure

2014-09-03 Thread Gene Heskett
On Wednesday 03 September 2014 06:57:59 Matus UHLAR - fantomas did opine And Gene did reply: > On 03.09.14 10:51, Joel Esler (jesler) wrote: > >That's a PUA alert. That's not on by default. > > well, if it's THE .tar.gz that caused the PUA alert, it apparently > should be ignored. > > >> On Sep

Re: [clamav-users] False positive for sure

2014-09-03 Thread Gene Heskett
On Wednesday 03 September 2014 07:01:00 Steve Basford did opine And Gene did reply: > On Wed, September 3, 2014 11:56 am, Gene Heskett wrote: > > Ok, I'll byte, what's a PUA? > > Here's a good description... > > Q. What is a Potentially Unwanted Application (PUA)? > > A. The Sophos definition of

Re: [clamav-users] False positive for sure

2014-09-03 Thread Steve Basford
On Wed, September 3, 2014 12:38 pm, Gene Heskett wrote: > > So as it's been yonks since I set up the daily machine scan, where do I > turn off this particular PUA feature? "--detect-pua" switch for clamscan or disable it in the clamd.conf file. Cheers, Steve Sanesecurity

Re: [clamav-users] False positive for sure

2014-09-03 Thread Gene Heskett
On Wednesday 03 September 2014 07:41:36 Steve Basford did opine And Gene did reply: > On Wed, September 3, 2014 12:38 pm, Gene Heskett wrote: > > So as it's been yonks since I set up the daily machine scan, where do I > > turn off this particular PUA feature? > > "--detect-pua" switch for clamscan or

Re: [clamav-users] False positive for sure

2014-09-03 Thread Steve Basford
On Wed, September 3, 2014 12:54 pm, Gene Heskett wrote: >> >> "--detect-pua" switch for clamscan or disable it in the clamd.conf file. >> > > Which one? I have 3 of them. This is an old ubuntu 10.04 LTS install. > Also it's reported as version 98.1. If you are using clamscan then I guess you've g

Re: [clamav-users] False positive for sure

2014-09-03 Thread Douglas Goddard
We're working on some signatures for our users who run ClamAV on their mail servers. We'll be tweaking them over the next few weeks to minimize false positives, but with loose signatures like this, it is difficult to eliminate them completely. If you're not concerned about double extension files i

Re: [clamav-users] ClamAV®: The new ClamAV.net is here!

2014-09-03 Thread Joel Esler (jesler)
Ed, Thanks, we’ll have a look. > On Sep 2, 2014, at 2:18 PM, Ed Christiansen MS wrote: > > You might want to fix the website. > > When I click on the red text "source code" on download page and then the big > red "download source" button I still get the clamav-0.98.4-win32.msi which > isn't

[clamav-users] clamd crashed

2014-09-03 Thread MAYER Hans
Dear ClamAV Users, In my environment I have 2 external mail gateways in the DMZ, forwarding all e-mails to an internal mail server. All of them are running Solaris 11 with sendmail and mimedefang as milter. I have been running this constellation for more than a year very successfully without

Re: [clamav-users] False positive for sure

2014-09-03 Thread Gene Heskett
On Wednesday 03 September 2014 10:44:21 Douglas Goddard did opine And Gene did reply: > We're working on some signatures for our users who run ClamAV on their > mail servers. We'll be tweaking them over the next few weeks to > minimize false positives, but with loose signatures like this, it is > d

Re: [clamav-users] clamd crashed

2014-09-03 Thread Steven Morgan
Hello Hans, Please send your clamd.conf to me at smor...@sourcefire.com. If you can identify a file or email that causes the failure, that will help as well. In the meantime, I'll find a place where you can send your core file. Thanks, Steve On Wed, Sep 3, 2014 at 11:46 AM, MAYER Hans wrote:

Re: [clamav-users] ClamAV®: The new ClamAV.net is here!

2014-09-03 Thread Andreas Schulze
On 26.08.2014 20:56, Joel Esler (jesler) wrote: > * Simple Navigation > "Thanks" for the next site only usable with mainstream browsers and JavaScript enabled :-/ > * Elimination of dead links and pages > I was told the old website contained the current pattern version somewhere.