Hello,
did you really drop the signature?
During the weekend scan (clamscan), we got 45 false positives. According
to file names, they seem to be signed official PDF documents from government.
On 04/28/17 17:16, Christopher Marczewski wrote:
> Thanks for the reports. We'll be modifying the signat
It never appeared on a daily as being dropped, but when I checked on Saturday
and again just now, I can't find it:
> $ sigtool --find Pdf.Exploit.CVE_2017_3039-6300177-0
> $
I don't think it is related, but there was an issue with DNS that stopped all
updates after 23343 late Saturday until mi
I see there is a rewrite in daily 23349 that just posted:
> VIRUS NAME: Pdf.Exploit.CVE_2017_3039-6300177-2
> TDB: Engine:81-255,Target:10
> LOGICAL EXPRESSION: 0&1&2=0
> * SUBSIG ID 0
> +-> OFFSET: ANY
> +-> SIGMOD: NONE
> +-> DECODED SUBSIGNATURE:
> /Adobe.PPKLite/Location{WILDCARD_ANY_STRI
Hi,
I'm now getting some other signed PDFs matched by
Pdf.Exploit.CVE_2017_3039-6300177-2
As with the Pdf.Exploit.CVE_2017_3039-6300177-0 it only happens using
the daemon and not clamscan.
Regards
Giuseppe
On 02/05/2017 09:46, Al Varnell wrote:
> I see there is a rewrite in daily 23349 tha
I do see a few alerts for Pdf.Exploit.CVE_2017_3039-6300177-2 on
VirusTotal, too.
We'll be dropping the signature again & examining further.
On Tue, May 2, 2017 at 8:24 AM, Giuseppe Ravasio <
giuseppe_rava...@ch.modiano.com> wrote:
> Hi,
>
> I'm now getting some other signed PDFs matched by
> Pdf
Dear Clamav users,
I was scanning a ZIP file with both: clamscan (on Xubuntu), and clamwin
(on Win7).
Clamwin found a virus, where clamscan did not.
I'm surprised, since I thought these are just 2 frontends for the same
engine and virus database?
I updated the database on Linux using "$ sudo fre
Can you tell us which virus you encountered? Also can you validate that the
file has the same checksum in both windows and Linux?
> On May 2, 2017, at 2:22 PM, Peter B. wrote:
>
> Dear Clamav users,
>
> I was scanning a ZIP file with both: clamscan (on Xubuntu), and clamwin
> (on Win7).
> Cla
First thing I notice is that you are running two different versions of ClamAV.
> On May 2, 2017, at 20:08, Rafael Ferreira wrote:
>
> Can you tell us which virus you encountered? Also can you validate that the
> file has the same checksum in both windows and Linux?
>
Hi Folks,
I've been getting the following error for a week or so:
'LibClamAV Warning: Bytecode runtime error at line 1226, col 4'
I finally found the time to run ClamAV in verbose mode and believe this is
the culprit:
'Scanning C:\Program Files (x86)\Applian Director\ClearRegCode.exe'
At least