[clamav-users] Virus behaviour ?

2018-03-25 Thread malko
Hi all, I just discovered ClamAV and gave it a try. While scanning a USB stick, some 'viruses' were reported and I came here to find the behaviour of these 'viruses' in order to judge for myself their dangerousness. They are the "win.trojan.huerta-1", "win.trojan.agent-" & "txt.downloader.generic-

Re: [clamav-users] Virus behaviour ?

2018-03-25 Thread Al Varnell
ClamAV does not document malware behavior and many of the signatures are automated in response to samples provided by others, so even the signature team won't have that kind of information. Your best bet would be to upload each of those files to

Re: [clamav-users] Virus behaviour ?

2018-03-25 Thread malko
Thank you for your fast reply. :) I gave a try to the provided link. The file containing the "win.trojan.huerta-1" is RED only with Clam. All other virus scanners are GREEN. The file containing the "txt.downloader.generic-" is RED only with Clam. All other virus scanners are GREEN. Only th

Re: [clamav-users] Virus behaviour ?

2018-03-25 Thread Al Varnell
No, you aren't going to see anything like that on the VirusTotal site, you'll have to go to one of the other well known scanners that found it to be infected to get any kind of description of what it is. -Al- On Sun, Mar 25, 2018 at 03:45 AM, malko wrote: > Unfortunately I didn't see a descript

[clamav-users] Sig missing

2018-03-25 Thread Nicholas Chua
Hi, I noticed that signatures are missing. Is this normal? An example. Purchase Order123.iso: Win.Trojan.Agent-6480597-0 FOUND Regards nic

Re: [clamav-users] Sig missing

2018-03-25 Thread Al Varnell
What do you mean by missing? It's still in my database... $ sigtool -fWin.Trojan.Agent-6480597-0 [daily.hsb] 4c26f2d46400405f253c26e85ceadd51:507904:Win.Trojan.Agent-6480597-0:73 Added by daily 24409 on or about 21 March. -Al- Al Varnell ClamXAV User On Sun, Mar 25, 2018 at 08:19 PM, Nicholas

Re: [clamav-users] Sig missing

2018-03-25 Thread Nicholas Chua
> What do you mean by missing? It's still in my database... > > $ sigtool -fWin.Trojan.Agent-6480597-0 > [daily.hsb] 4c26f2d46400405f253c26e85ceadd51:507904:Win.Trojan.Agent-6480597-0:73 > > Added by daily 24409 on or about 21 March. This is the file which is being detected before. Now it is not

Re: [clamav-users] Sig missing

2018-03-25 Thread Al Varnell
On Sun, Mar 25, 2018 at 08:29 PM, Nicholas Chua wrote: >> What do you mean by missing? It's still in my database... >> >> $ sigtool -fWin.Trojan.Agent-6480597-0 >> [daily.hsb] > 4c26f2d46400405f253c26e85ceadd51:507904:Win.Trojan.Agent-6480597-0:73 >> >> Added by daily 24409 on or about 21 March.

Re: [clamav-users] Sig missing

2018-03-25 Thread Nicholas Chua
>> [root@fantastic Test]# clamscan ../Virus/Purchase\ Order123.iso >> ../Virus/Purchase Order123.iso: Purchase Order123.com.UNOFFICIAL FOUND > > You are using some unofficial signatures, and this one has already detected that file as infected, so no additional signatures will be checked. If you

Re: [clamav-users] Sig missing

2018-03-25 Thread Al Varnell
On Sun, Mar 25, 2018 at 08:51 PM, Nicholas Chua wrote: > >>> [root@fantastic Test]# clamscan ../Virus/Purchase\ Order123.iso >>> ../Virus/Purchase Order123.iso: Purchase Order123.com.UNOFFICIAL FOUND >> >> You are using some unofficial signatures, and this one has already >> detected that file a

Re: [clamav-users] Difference in ClamAV libs when installing from YUM repo & building from Source

2018-03-25 Thread Ravi
Thanks Reindl & Orion. I will try them out. Thanks Ravi On Fri, Mar 23, 2018 at 8:38 PM, Orion Poplawski wrote: > Yes, see https://src.fedoraproject.org/rpms/clamav/blob/master/f/ > clamav.spec#_73 > > See https://src.fedoraproject.org/rpms/clamav/blob/master/f/ > clamav.spec#_358 > for the bui