On Wed, 7 Jun 2023, Al Varnell via clamav-users wrote:
> Date: Wed, 7 Jun 2023 22:36:52 -0700
> From: Al Varnell via clamav-users
> To: ClamAV users ML
> Cc: Al Varnell
> Subject: Re: [clamav-users] Unix.Malware.Kaiji-10003916-0
>
> Note that the signature was dropped in daily - 26932 which
> So how does Kaiji-10003917-0 to Kaiji-10003916-0 ? Does
> Kaiji-10003916-0 get thrown out, or does it get updated to
> Kaiji-10003917-0 ?
The way it was explained to me (years ago) is that they are separate
signatures, unrelated expect in that they are related to Kaiji. If 10003916-0
was upd
First get the file's hash value:
sigtool --md5 /home/tmick/.config/libreoffice/4/user/basic/Standard/Module1.xba
Then copy the results to an fp.local file. You will probably have to create
such a file and add it to the ClamAV database.
-Al-
> On Jun 7, 2023, at 11:45 AM, Tim McConnell via cla
Thanks for that AL, now how do I add to the DB? Two things I'm not is a
programmer or DBA :-(
--
Tim McConnell
On Thu, 2023-06-08 at 05:01 -0700, Al Varnell wrote:
> First get the file's hash value:
>
> sigtool --md5
> /home/tmick/.config/libreoffice/4/user/basic/Standard/Module1.xba
>
> T
What db do you think you want to add it to?— Sent from my iPhoneOn Jun 8, 2023, at 12:35, Tim McConnell via clamav-users wrote:Thanks for that AL, now how do I add to the DB? Two things I'm not is a programmer or DBA :-( -- Tim McConnell On Thu, 2023-06-08 at 05:01 -0700, Al Varnell wrote:First
Well I would assume the clam DB but I've no idea how or any of that. I
would think the new Macro for Libre Office Calc would be in there
already but I've been wrong before.
On Thu, 2023-06-08 at 13:03 -0400, Joel Esler wrote:
> What db do you think you want to add it to?
>
> —
> Sent from my iP
This is correct. Kaiji-10003917-0 would be a separate signature, loosely
related Kaiji-10003916-0. If Kaiji-10003916-0 had been updated, it would be
Kaiji-10003916-1.
If it were handwritten, we probably would have done that. In this case, the
signature was generated by an automated system, s
If you wish to ignore the PUA.Doc.Tool.LibreOfficeMacro-2 signature, you can
create a .ign2 signature file in your clamav database directory.
See
https://docs.clamav.net/manual/Signatures/AllowLists.html#signature-ignore-lists
for details.
Micah Snyder
ClamAV Development
Talos
Cisco Systems,
I agree with you. I suspect the majority of cases today is when people have a
large archive of files to scan.
I think best case scenario for people with a need to scan files larger than the
present internal 2GB limit is that archives larger than 2GB are decompressed
and then the files inside a
Thank You Micah!!!
On Thu, 2023-06-08 at 20:20 +, Micah Snyder (micasnyd) wrote:
> If you wish to ignore the PUA.Doc.Tool.LibreOfficeMacro-2 signature,
> you can create a .ign2 signature file in your clamav database
> directory.
>
> See
> https://docs.clamav.net/manual/Signatures/AllowLists
Hello,
how can I declare my public ip address so that it is not blocked when
downloading databases
Le jeudi 8 juin 2023 à 22:22:10 UTC+2, Micah Snyder (micasnyd) via
clamav-users a écrit :
If you wish to ignore the PUA.Doc.Tool.LibreOfficeMacro-2 signature, you can
create a .ign2 si
On Thu, 8 Jun 2023, Micah Snyder (micasnyd) wrote:
I agree with you. I suspect the majority of cases today is when
people have a large archive of files to scan.
I think best case scenario for people with a need to scan files
larger than the present internal 2GB limit is that archives larger
th
there is no way, your ip will be unblocked from cdn automatically after 24
hours
Am 9. Juni 2023 00:23:31 schrieb presario2133--- via clamav-users
:
Hello,
how can I declare my public ip address so that it is not blocked when
downloading databases
Le jeudi 8 juin 2023 à 22:22:10 UTC+2, M
13 matches
Mail list logo
