Hi,
We have whitelisted certain signatures for files which are only detected by
ClamAV to be potentially malicious. And now we face the problem that the
same files are reported again, but with a different signature. I already had
this behaviour when I tested with the EICAR test virus.
The signat
Hello List,
have an odd behaviour of clamav. Version is 0.100.1+dfsg-1ubuntu0.16.04.2
Short:
clamscan is able to find a virus in file, clamdscan not. 1st i thought
about deprecation of AllowSupplementaryGroups, but was not confirmed.
clamdscan -v tells only about an error, but no detailed info
I don't see how that is even remotely possibly. They are three completely
different hash signatures:
[daily.hsb]
9027093eab2a193081a763001e947371:4292:Html.Malware.Agent-6625344-0:73
[daily.hsb]
5591165097d53565d4e5f4e9fda8241a:7367:Html.Malware.Agent-6625164-0:73
[daily.hsb]
f4116176a10805400
Hi,
> I don't see how that is even remotely possibly. They are three completely
> different hash signatures:
>
>[daily.hsb]
>9027093eab2a193081a763001e947371:4292:Html.Malware.Agent-6625344-0:73
>[daily.hsb]
>5591165097d53565d4e5f4e9fda8241a:7367:Html.Malware.Agent-6625164-0:73
>[daily.hsb]
>f
JAR files can be unpacked like tarballs so it is likely that there is a common
file in each that matches those hashes.
Maarten
Sent from a tiny keyboard
> On Aug 7, 2018, at 04:54, Albrecht, Peter wrote:
>
> Hi,
>
>> I don't see how that is even remotely possibly. They are three completely
>
Correct. Jar files are essentially zip files.
Sent from my iPhone
> On Aug 7, 2018, at 07:00, Maarten Broekman wrote:
>
> JAR files can be unpacked like tarballs so it is likely that there is a
> common file in each that matches those hashes.
>
> Maarten
> Sent from a tiny keyboard
>
>> On
The problem is back, this time with two bytecodes: 2 and 90.
ClamAV version is 0.100.1.
The last clamscan run without the error was on 2018-07-26 06:00.
The preceding freshclam run said:
Thu Jul 26 05:49:13 2018 -> main.cld is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
T
Tilman:
What's the MD5 or SHA256 of the file, so I can see if we already have it?
Thanks,
- Alain
On Tue, Aug 7, 2018 at 9:50 AM, Tilman Schmidt wrote:
> The problem is back, this time with two bytecodes: 2 and 90.
> ClamAV version is 0.100.1.
> The last clamscan run without the error was on
If you're concerned that they may be flagging with multiple signatures, you can
also test using:
clamscan --allmatch
It will scan for as many signatures as possible instead of just returning the
first one it finds.
Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
On Aug 7, 2018, at
Sorry, meant to send that to the list.
Forwarded Message
$ sha256sum .java/deployment/cache/6.0/6/41d72bc6-799a1944
97432da2d77d78872ececf4de2eef1c759e7846db85d4fb14eb02764b6bd02ad
.java/deployment/cache/6.0/6/41d72bc6-799a1944
Scan still running, message count now at 130.
Look
Hi everyone,
it is a long time since in the log of the daily antivirus scan I find
the following warning messages:
START scan Wed Aug 8 05:00:01 CEST 2018
LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes
LibClamAV Warning: Bytecode 23 failed to run: Time limit reached
Li
11 matches
Mail list logo
