[clamav-users] own hex-based rules do not match if more complex strings are used

2020-08-14 Thread Stefan Bauer via clamav-users
Hi, given is a very simple example test-file: # more BAD.file %PDF-1.7 5 0 obj /F << /Type /FileSpec /F (http://bad.url/crap.xlsx) /V true /FS /URL >> >> another bad string 5 0 obj Now I add a string to a new test.db file: # SIG=`echo "another bad string" | sigtool --hex-dump` && echo "s

Re: [clamav-users] own hex-based rules do not match if more complex strings are used

2020-08-14 Thread Arnaud Jacques
Hello Maybe use "echo -n" to avoid final carriage return in string. On 14/08/2020 at 10:16, Stefan Bauer via clamav-users wrote: Hi, given is a very simple example test-file: # more BAD.file %PDF-1.7 5 0 obj      /F << /Type /FileSpec /F (http://bad.url/crap.xlsx) /V true /FS /URL >>

Re: [clamav-users] own hex-based rules do not match if more complex strings are used

2020-08-14 Thread Stefan Bauer via clamav-users
Arnaud, you made my day. Thank you. That's it. :) On Fri, 14 Aug 2020 at 11:27, Arnaud Jacques < webmas...@securiteinfo.com> wrote: > Hello > > Maybe use "echo -n" to avoid final carriage return in string. > > > On 14/08/2020 at 10:16, Stefan Bauer via clamav-users wrote: > > Hi, > > > >

[clamav-users] Becoming disillusioned

2020-08-14 Thread Kurt Fitzner
I'm becoming quite disillusioned with ClamAV. In the last five years, ClamAV, which is installed on my email server, has failed to detect a single piece of malware on the system before that malware ceases to be in email circulation. Not one, out of thousands. And I'm not talking about encrypted z

Re: [clamav-users] Becoming disillusioned

2020-08-14 Thread Ralf Hildebrandt via clamav-users
* Kurt Fitzner : > ClamAV has, I'm afraid, become worse than nothing. Nothing doesn't take > up memory, storage space, and execution resources but nets the same > result. Nothing, by definition, doesn't come with that implied "it's > better than nothing" which ClamAV does and clearly isn't. >

[clamav-users] Xls.Malware.Sagent-7132944-0

2020-08-14 Thread Matt Campbell via clamav-users
Hello, I have an XLSM spreadsheet that ClamAV is detecting malware in. It's popping up as Xls.Malware.Sagent-7132944-0 and I have not been able to find any information related to this definition. Can anyone shed some light on what this relates to? This is an in-house created spreadsheet for my com

Re: [clamav-users] [ext] Xls.Malware.Sagent-7132944-0

2020-08-14 Thread Ralf Hildebrandt via clamav-users
* Matt Campbell via clamav-users : > Hello, > > I have an XLSM spreadsheet that ClamAV is detecting malware in. It's popping > up as Xls.Malware.Sagent-7132944-0 and I have not been able to find any > information related to this definition. Can anyone shed some light on what > this relates to? # s

Re: [clamav-users] Xls.Malware.Sagent-7132944-0

2020-08-14 Thread Lilia Gonzalez Medina
Hey Matt! Thank you for reporting this. The signature has been dropped while we investigate the situation to prevent more FPs. Lilia Gonzalez Medina Malware Research Team Cisco Talos On Fri, Aug 14, 2020 at 11:10 AM Matt Campbell via clamav-users < clamav-users@lists.clamav.net> wrote: > Hello,