Re: [clamav-users] ClamAV®: The new ClamAV.net is here!

2014-09-04 Thread Joel Esler
On Thu, Sep 04, 2014 at 07:53:30AM +0200, Andreas Schulze wrote: > On 26.08.2014 20:56, Joel Esler (jesler) wrote: > > * Elimination of dead links and pages > > > I was told the old website contained the current pattern version > somewhere. That function has also gone away. > It's handy to p

[clamav-users] clamscan and PUA

2014-09-04 Thread Mark Price
In the past day we have had clamscan on several servers detect infected files due to: PUA.Windows.DoubleExtension-zippwd-3 I've read the clamscan manpage but have not had any luck with getting the "--detect-pua" option to work. Example: # clamscan --detect-pua=no ./sample-msg1.txt ./sample-msg1

Re: [clamav-users] clamscan and PUA

2014-09-04 Thread Douglas Goddard
That is a zip signature looking for double extension files. So, it is interesting that it is alerting on a .txt file, unless that is a zip file in disguise. You can whitelist the signature by adding a whitelist.ign file to your ClamAV database directory (for me, the path is: /usr/local/share/clama

Re: [clamav-users] clamscan and PUA

2014-09-04 Thread Douglas Goddard
I'm looking into the PUA issue and will follow up about that. On Thu, Sep 4, 2014 at 11:43 AM, Douglas Goddard wrote: > That is a zip signature looking for double extension files. So, it is > interesting that it is alerting on a .txt file, unless that is a zip file > in disguise. > > You can wh

Re: [clamav-users] clamscan and PUA

2014-09-04 Thread Douglas Goddard
Thank you for catching that. PUA is not supported for this signature type, I will drop the signature and rename it to avoid the confusion of the incorrect PUA label. You'll need to whitelist the new name when that appears in the next day or so. Sorry for the inconvenience, Doug On Thu, Sep 4, 2014

Re: [clamav-users] clamscan and PUA

2014-09-04 Thread Mark Price
Hi Doug, On Thu, Sep 4, 2014 at 11:54 AM, Douglas Goddard wrote: > Thank you for catching that. PUA is not supported for this signature type, > I will drop the signature and rename it to avoid the confusion of the > incorrect PUA label. You'll need to whitelist the new name when that > appears i

[clamav-users] PUA.Misc.DoubleExtension-zippwd-4 false positive

2014-09-04 Thread Ted Gilchrist
I started receiving this virus warning, and I think it's a false alarm. I read that I could use clamscan --detect-pua=no to have clamscan ignore such PUA warnings, but that didn't work. How should I proceed? I notice that this virus definition just got added yesterday (http://blog.gmane.org/gmane.

Re: [clamav-users] ClamAV®: The new ClamAV.net is here!

2014-09-04 Thread Benny Pedersen
On 4. sep. 2014 07.54.34 Andreas Schulze wrote: It's handy to point a user to the official Website to prove that he's running outdated virus scanner. Freshclam gives a warning of outdates here just fine, does not need external tools to tell me that, are admins so dumb today?

Re: [clamav-users] PUA.Misc.DoubleExtension-zippwd-4 false positive

2014-09-04 Thread Douglas Goddard
This signature is in the process of being dropped. The signature is a ZMD and PUA is not supported for this type. Once it is dropped it will be re-published under a non PUA name. If you would still like to ignore these alerts you can add the new signatures' names to a whitelist.ign file in your Cl