Re: [clamav-users] Recent rash of FPs

2016-02-17 Thread Joel Esler (jesler)
All sigs have a number at the end. Unless it's the first with that name. -- Joel Esler iPhone On Feb 17, 2016, at 6:08 AM, Mark Allan <markjal...@gmail.com> wrote: Hi all, I'm just wondering if there's an underlying reason for the recent rash of FP detections. F

Re: [clamav-users] ClamAV FP/Malware Submissions

2016-02-17 Thread Joel Esler (jesler)
Mark, No, we received them. They just weren’t being processed correctly. This has been fixed now. -- Joel Esler Manager, Talos Group On Feb 17, 2016, at 3:48 AM, Mark Allan <markjal...@gmail.com> wrote: Thanks Joel. Do we need to resubmit the FPs we submitted over the las

Re: [clamav-users] How can Clam/Cisco be so irresponsibly reckless and nonchalant to Windows users?

2016-02-17 Thread Joel Esler (jesler)
Okay, so this is a long email, let me respond inline: -- Joel Esler Manager, Talos Group On Feb 17, 2016, at 9:40 AM, Groach <groachmail-stopspammin...@yahoo.com> wrote: Hello Ok, in short you know about the disaster last week where a single signature was issued by ClamA

Re: [clamav-users] How can Clam/Cisco be so irresponsibly reckless and nonchalant to Windows users?

2016-02-17 Thread Joel Esler (jesler)
n the public. THIS is my point. Always. Regards On 17/02/2016 22:47, Joel Esler wrote: > I am sure we could go back and forth on and off list about these issues > until we are blue in the face. There are many things below that are > incorrect, assumptions or otherwise. I'm not going t

Re: [clamav-users] How can Clam/Cisco be so irresponsibly reckless and nonchalant to Windows users?

2016-02-17 Thread Joel Esler (jesler)
For me, I use Mail.app the majority of the time. Apparently if I delete lines and inline reply like I do in Thunderbird, Mail.app just tells me to eat dust and unthreads the whole thing. Guess I should file a bug with Apple. -- Joel Esler Manager, Talos Group On Feb 17, 2016, at 2:54 PM

Re: [clamav-users] How can Clam/Cisco be so irresponsibly reckless and nonchalant to Windows users?

2016-02-18 Thread Joel Esler (jesler)
On Feb 18, 2016, at 4:01 AM, Mark Allan <markjal...@gmail.com> wrote: On 17 Feb 2016, at 11:21 pm, Joel Esler (jesler) <jes...@cisco.com> wrote: For me, I use Mail.app the majority of the time. Apparently if I delete lines and inline reply like I do in Thunderbi

Re: [clamav-users] How can Clam/Cisco be so irresponsibly reckless and nonchalant to Windows users?

2016-02-18 Thread Joel Esler (jesler)
SEE. Didn’t do it right! Stupid mail.app. -- Joel Esler Manager, Talos Group On Feb 18, 2016, at 10:28 AM, Joel Esler (jesler) <jes...@cisco.com> wrote: On Feb 18, 2016, at 4:01 AM, Mark Allan <markjal...@gmail.com> wrote

Re: [clamav-users] How can Clam/Cisco be so irresponsibly reckless and nonchalant to Windows users?

2016-02-18 Thread Joel Esler (jesler)
Yeah, I know, it unfortunately has nothing to do with how I read the email, it has to do with whatever changes they made to handling quoting in the newer versions. Well, I think we’ve drifted far enough off topic now ;) -- Joel Esler Manager, Talos Group On Feb 18, 2016, at 10:37 AM, Mark

Re: [clamav-users] Another submission of the JavaScript virus

2016-02-22 Thread Joel Esler (jesler)
Are you able to submit this file to us via ClamAV.net<http://clamav.net>? -- Joel Esler Manager, Talos Group On Feb 19, 2016, at 8:39 PM, Gerald Venzl <gerald.ve...@gmail.com> wrote: Hi, I haven't heard anything back yet from my submission and as I'm new t

Re: [clamav-users] clamd server '/var/run/clamd.amavisd/clamd.sock' gave '' response

2016-02-22 Thread Joel Esler (jesler)
Gentlemen. We get the point. We’re working on it. I had a conversation with the malware lead last week to see what we can do here. -- Joel Esler Manager, Talos Group On Feb 22, 2016, at 12:06 PM, Groach <groachmail-stopspammin...@yahoo.com> wrote: I don't think there

Re: [clamav-users] IPv6 servers having problems?

2016-02-22 Thread Joel Esler (jesler)
Jay, I’ve forwarded the email over to our Ops Team. -- Joel Esler Manager, Talos Group On Feb 22, 2016, at 4:06 PM, Jay Clubb <j...@clubbusa.com> wrote: Starting to see more and more of this: ERROR: getpatch: Can't download daily-21400.cdiff from db.us.ipv6.clam

Re: [clamav-users] email error submitting a virus sample

2016-02-27 Thread Joel Esler (jesler)
Kristen, We'll take a look. Please send us the hashes of the files. -- Joel Esler Manager, Talos Group Sent from my iPad On Feb 27, 2016, at 8:21 PM, Kristen <kris...@atmyhome.org> wrote: List, I just submitted to the virus submission webpage a new sample of a virus

Re: [clamav-users] Add virus databases and signatures from third-party vendors

2016-02-29 Thread Joel Esler (jesler)
-- Joel Esler Manager, Talos Group On Feb 28, 2016, at 8:26 AM, Theodore Alcapotaxis <summercas...@dcemail.com> wrote: --- alvarn...@mac.com wrote: From: Al Varnell <alvarn...@mac.com> To: ClamAV users ML mailto:clamav-user

[clamav-users] ClamAV® blog: ClamAV 0.99.1 has been released!

2016-03-02 Thread Joel Esler (jesler)
es including extracting and scanning embedded objects. ClamAV 0.99.1 also contains important bug fixes. Please see ChangeLog for details. Thanks to the following community members for code submissions used in ClamAV 0.99.1: Jim Morris Andreas Cadhalpun Mark Allan Sebastian Siewior -- Joel Esl

Re: [clamav-users] ClamAV® blog: ClamAV 0.99.1 has been released!

2016-03-02 Thread Joel Esler (jesler)
A bunch of bug fixes, mostly. Feature add of HWP file processing. -- Joel Esler Manager, Talos Group On Mar 2, 2016, at 5:25 PM, Al Varnell <alvarn...@mac.com> wrote: Disregard, I will read the ChangeLog to find out. -Al- On Wed, Mar 02, 2016 at 02:21 PM, Al Varnell wrote:

Re: [clamav-users] clamav email error after submission of a virus sample

2016-03-02 Thread Joel Esler (jesler)
knc, We are working on the submission process as we speak to make this simpler. I feel like a broken record saying this, but the submission process has changed a lot recently and we’re working on it -- Joel Esler Manager, Talos Group > On Mar 2, 2016, at 6:38 PM, knc wrote: > >

Re: [clamav-users] clamav email error after submission of a virus sample

2016-03-04 Thread Joel Esler (jesler)
ClamAV.net<http://clamav.net> is behind cloudflare. -- Joel Esler Manager, Talos Group On Mar 4, 2016, at 6:20 AM, Alessandro Vesely <ves...@tana.it> wrote: On Thu 03/Mar/2016 03:34:15 +0100 Joel Esler (jesler) wrote: We are working on the submission process as we s

Re: [clamav-users] clamav email error after submission of a virus sample

2016-03-07 Thread Joel Esler (jesler)
I don’t mind talking about it, we do it for load balancing the traffic and DDoS protection, which, as you can imagine, being an AV company, happens. But when you say “cloudflare is enabled” what does that mean? -- Joel Esler Manager, Talos Group On Mar 5, 2016, at 11:52 AM, Alessandro

[clamav-users] ClamAV® blog: ClamAV will release a new main.cvd and daily.cvd this weekend.

2016-03-07 Thread Joel Esler (jesler)
shouldn't experience any problems. For any questions, please do not hesitate to contact us. -- Joel Esler Manager, Talos Group ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact

Re: [clamav-users] about countermeasure for false positive

2016-03-08 Thread Joel Esler (jesler)
I think your answer is pretty good. It’s clearly not every clean file in the world. But clean files are added to the FP test all the time. -- Joel Esler Manager, Talos Group On Mar 8, 2016, at 5:55 AM, Al Varnell <alvarn...@mac.com> wrote: From previous communications h

Re: [clamav-users] ClamAV® blog: ClamAV will release a new main.cvd and daily.cvd this weekend.

2016-03-09 Thread Joel Esler (jesler)
Correct. -- Joel Esler Manager, Talos Group On Mar 9, 2016, at 5:30 PM, Al Varnell <alvarn...@mac.com> wrote: My Main.cvd (compressed) is only 64.7M so I would have to guess that the majority of the current Daily will be added to Main which making it ~100M compressed. -Al-

Re: [clamav-users] ClamAV® blog: ClamAV will release a new main.cvd and daily.cvd this weekend.

2016-03-10 Thread Joel Esler (jesler)
No, this will be a completely new main. Since we are redoing the backend of how those are generated, a completely new main.cvd will have to be made. -- Joel Esler Manager, Talos Group On Mar 10, 2016, at 4:59 AM, Mark Allan <markjal...@gmail.com> wrote: Will the update to ma

[clamav-users] ClamAV Signature Interface has begun its migration!

2016-03-11 Thread Joel Esler (jesler)
a new main.cvd this weekend. -- Joel Esler Manager, Talos Group ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml

Re: [clamav-users] clamav-virusdb mailing list - what is the use?

2016-03-11 Thread Joel Esler (jesler)
? Added: No, means, the file that someone submitted is detected by another signature already, and this is a duplicate. Added: Yes, means, net new detection. -- Joel Esler Manager, Threat Intelligence Team & Open Source Talos Group http://www.talosintel.com

Re: [clamav-users] clamav-virusdb mailing list - what is the use?

2016-03-11 Thread Joel Esler (jesler)
easier.. how about. site:lists.clamav.net/pipermail/clamav-virusdb/ "Stephen Kelly” Replace “Stephen Kelly” with your name. Throw that into Google.. Bingo, find your results. -- Joel Esler Manager, Talos Group On Mar 11, 2016, at 3:15 PM, Groach mailto:groachmail-stopspammin...@yaho

Re: [clamav-users] Why did you block me clamAV page??

2016-03-14 Thread Joel Esler (jesler)
This was fixed yesterday. Apologize for the inconvenience. I appreciate you all being patient, lots of change going on here lately, for the better, but there is always some turmoil during change. Appreciate the patience and effort you’ve shown us! -- Joel Esler Manager, Talos Group On

Re: [clamav-users] [Clamav-mirrors] ClamAV Signature Interface has begun its migration!

2016-03-14 Thread Joel Esler (jesler)
as we’re ready to release the new database builds. We apologize for any inconvenience during this time. -- Joel Esler Manager, Talos Group On Mar 14, 2016, at 8:41 AM, Joel Esler (jesler) <jes...@cisco.com> wrote: On Mar 14, 2016, at 3:31 AM, Andreas S

Re: [clamav-users] Is ClamAV Community Threat Tracking System down?

2016-03-18 Thread Joel Esler (jesler)
Afaik, this hasn't been up in a long time. We took it down, I thought, when we redid the website. -- Joel Esler iPhone On Mar 18, 2016, at 6:30 PM, Dennis Peterson <denni...@inetnw.com> wrote: Subject line was URL links on 3/17/2016. That was when Joel suggested the stats

Re: [clamav-users] New ClamnAV database....test results for Clamwin

2016-03-18 Thread Joel Esler (jesler)
Thanks for the feedback! -- Joel Esler iPhone On Mar 17, 2016, at 4:55 AM, Groach <groachmail-stopspammin...@yahoo.com> wrote: For your info: I run Clamwin, with the additional Clamd, and supplemented with Sane security definitions. I was VERY apprehensive about today a

Re: [clamav-users] URL Links

2016-03-19 Thread Joel Esler (jesler)
Where are those? We need to remove them. -- Joel Esler iPhone On Mar 17, 2016, at 7:05 AM, Jerry <je...@seibercom.net> wrote: I just did a fresh install of ClamAV on a FreeBSD machine. While configuring the program, I found that the following URLs were broken: http://www.clam

Re: [clamav-users] Signature updates?`

2016-03-19 Thread Joel Esler (jesler)
Paul, You are correct. We're going through testing right now, expect an announcement from me shortly. -- Joel Esler iPhone On Mar 16, 2016, at 11:04 AM, Paul Kosinski <clamav-us...@iment.com> wrote: Paul Kosinski

Re: [clamav-users] clamav on virus total

2016-03-19 Thread Joel Esler (jesler)
Yes. They update constantly. We just aren't able to get to the millions of samples we receive a day. -- Joel Esler iPhone On Mar 17, 2016, at 4:04 PM, Helmut Hullen <hul...@t-online.de> wrote: Hello, C.D., you said on 17.03.16: My only question: Is clamav on virustotal

Re: [clamav-users] clamscan false positives

2016-03-19 Thread Joel Esler (jesler)
Best thing to do is submit them as false positives on ClamAV.net<http://clamav.net> -- Joel Esler iPhone On Mar 17, 2016, at 6:54 AM, Thomas Stein <himbe...@meine-oma.de> wrote: Hello Clamav users. Last week I started to check a gentoo distfiles directory with clamsca

[clamav-users] ClamAV® blog: ClamAV Signature Interface maintenance is now complete! New Main.cvd!

2016-03-19 Thread Joel Esler (jesler)
http://blog.clamav.net/2016/03/clamav-signature-interface-maintenance.html ClamAV Signature Interface maintenance is now complete! New Main.cvd! Our ClamAV Signature Interface maintenance is now complete. While we ap

Re: [clamav-users] Is ClamAV Community Threat Tracking System down?

2016-03-19 Thread Joel Esler (jesler)
That's the way it used to be. Used to have openid as a log in option. -- Joel Esler iPhone On Mar 19, 2016, at 10:52 AM, Dennis Peterson <denni...@inetnw.com> wrote: The DNS configuration for www.stats.clamav.net<http://www.stats.clamav.net> are suspect. I just lo

Re: [clamav-users] Problem with mirrors overnight?

2016-03-19 Thread Joel Esler (jesler)
It's possible they are overloaded. We released a new main.cvd and daily late last night. -- Joel Esler iPhone On Mar 17, 2016, at 8:41 AM, Alex <mysqlstud...@gmail.com> wrote: Hi, Is there currently an issue with the mirrors? I have at least two systems on two different ne

Re: [clamav-users] clamav on virus total

2016-03-19 Thread Joel Esler (jesler)
Those are unique. -- Joel Esler iPhone On Mar 17, 2016, at 4:41 PM, C.D. Cochrane <c...@post.com> wrote: Thank you all for the replies. Just wanted to make sure my approach was logical, and VT is a reliable reference point for clamav comparison scanning. "millions

Re: [clamav-users] [Community-sigs] ClamAV® blog: ClamAV Signature Interface maintenance is now complete! New Main.cvd!

2016-03-19 Thread Joel Esler (jesler)
Thank you, and you're right. This project has been close to two years in the making. As far as the name of the cvd's, I don't believe the names are changing. -- Joel Esler iPhone On Mar 16, 2016, at 11:58 PM, Rafael Ferreira <r...@uvasoftware.com> wrote: Joel,

Re: [clamav-users] Locky Dridex plan

2016-03-25 Thread Joel Esler (jesler)
es that we did not have before. But we'll need to take a couple steps, IMO, to tidy up the community first. One step needs to be to EOL 0.97.x releases (as we should have done when we released 0.99, as per our EOL plan). As those older versions don't accept certain types of signature

Re: [clamav-users] Locky Dridex plan

2016-03-25 Thread Joel Esler (jesler)
Generally this means that we just won't regression test signatures against that version anymore. -- Joel Esler Manager, Talos Group Sent from my iPad On Mar 25, 2016, at 10:12 PM, Al Varnell <alvarn...@mac.com> wrote: Can you be a little more specific about the manner in

Re: [clamav-users] Locky Dridex plan

2016-03-26 Thread Joel Esler (jesler)
It may. It depends on the Linux distro and if they have updated the package. Unfortunately we don't maintain the packages and some of the package maintainers don't respond. -- Joel Esler iPhone On Mar 26, 2016, at 9:26 AM, C.D. Cochrane <c...@post.com> wrote: And

Re: [clamav-users] Locky Dridex plan

2016-03-26 Thread Joel Esler (jesler)
We even have a list for package maintainers to sign up on, where I notify the maintainers of upcoming releases. Very little traffic. -- Joel Esler iPhone On Mar 26, 2016, at 9:31 PM, Benny Pedersen <m...@junc.eu> wrote: one more reason to use gentoo where I created a github

Re: [clamav-users] Latest samba source contains Win.Trojan.Qhost-106?

2016-03-30 Thread Joel Esler (jesler)
The largest place where ClamAV is deployed is on mail gateways. However ClamAV is deployed everywhere. Desktops, servers, mail gateways, I’ve even heard of people compiling for their Android platform, and of course Windows. -- Joel Esler Manager, Talos Group On Mar 30, 2016, at 4:53 PM

Re: [clamav-users] important message

2016-04-03 Thread Joel Esler (jesler)
May not have been. I just happened to see it, knew it was Crap and removed the user. Kinda standard procedure. If I had to guess, I'm betting pharma spam. I can sandbox it and see next time I'm at my desk. -- Joel Esler iPhone On Apr 3, 2016, at 7:29 PM, Gene Heskett ma

[clamav-users] ClamAV® blog: ClamAV Community Signature contest winner for March, 2016

2016-04-06 Thread Joel Esler (jesler)
n the monthly contest and try and win your ClamAV swag, please see my post on the blog<http://blog.clamav.net/2016/03/clamav-monthly-community-signature.html>. Once again, thank you, and congratulations to Samuel! -- Joel Esler Manager, Talos Group

Re: [clamav-users] ClamAV - References

2016-04-18 Thread Joel Esler (jesler)
Do they also realize that (and I can guarantee it that) they are using “free open source initiatives” all over their bank? -- Joel Esler Manager, Talos Group On Apr 18, 2016, at 7:33 PM, Paul Kosinski <clamav-us...@iment.com> wrote: "However, as a bank, our security de

Re: [clamav-users] ClamAV - References

2016-04-19 Thread Joel Esler (jesler)
will NOT accept that solution, no matter how much data you gather to prove that that would be a great solution. True. -- Joel Esler Manager, Threat Intelligence Team & Open Source Talos Group http://www.talosintel.com

Re: [clamav-users] FP Win.Trojan.Agent-1395367

2016-04-21 Thread Joel Esler (jesler)
Yeah, sorry, I was swamped yesterday and didn’t get to follow up, we obviously dropped them both. -- Joel Esler Manager, Talos Group On Apr 21, 2016, at 4:08 AM, Al Varnell <alvarn...@mac.com> wrote: Looks like the other was dropped, as well in Daily:21500 Dropped Det

[clamav-users] ClamAV® blog: ClamAV 0.99.2 has been released!

2016-05-03 Thread Joel Esler (jesler)
ClamAV lists<http://www.clamav.net/contact>. -- Joel Esler Manager, Talos Group

Re: [clamav-users] clamav malware reports Notify Me

2016-05-05 Thread Joel Esler (jesler)
After many complaints, we aren’t publishing the names in the virusdb email anymore. We have a bug open with our team to check and see what the issue is with individual notification. -- Joel Esler Manager, Talos Group On May 5, 2016, at 11:21 AM, Al Varnell <alvarn...@mac.com>

Re: [clamav-users] clamav malware reports Notify Me

2016-05-05 Thread Joel Esler (jesler)
Understood, hence the second part of my statement in my email: "We have a bug open with our team to check and see what the issue is with individual notification.” -- Joel Esler Manager, Talos Group On May 5, 2016, at 1:17 PM, C.D. Cochrane <c...@post.com> wrote: I

Re: [clamav-users] clamav malware reports Notify Me

2016-05-05 Thread Joel Esler (jesler)
No, I wouldn’t think so. But that’s what our bug is hoping to find out. -- Joel Esler Manager, Talos Group On May 5, 2016, at 2:15 PM, C.D. Cochrane <c...@post.com> wrote: Ah, okay. A bug could explain a lack of notifications. Must one ALSO be subscribed to the clamav-v

Re: [clamav-users] ClamAV Digest weirdness

2016-05-06 Thread Joel Esler (jesler)
Interesting. I haven’t had any other reports of this.. I’ll keep an eye out -- Joel Esler Manager, Talos Group On May 6, 2016, at 12:17 PM, Paul Kosinski <clamav-us...@iment.com> wrote: Today (6 May), I received a single 1.22 MB Digest email with an astounding *586* items,

Re: [clamav-users] Signature update schedule, and requirements for adding Signatures

2016-05-17 Thread Joel Esler (jesler)
Correct. Now that we are back to pushing updates every 4 hours, whereas most AV companies only push once or twice a day. -- Joel Esler Manager, Talos Group On May 17, 2016, at 10:20 AM, C.D. Cochrane <c...@post.com> wrote: My 2 cents would be that rapid traditional sig

[clamav-users] ClamAV® blog: ClamAV 0.97 Engine End of Life Announcement

2016-05-20 Thread Joel Esler (jesler)
t, we are no longer testing that configuration, so you are on your own. Please upgrade to the newest version of ClamAV, currently at 0.99.2, available for download<http://www.clamav.net/downloads>. Thank you for using ClamAV! -- Joel Esler Manager,

Re: [clamav-users] Clam & safe browsing question/problem

2016-05-22 Thread Joel Esler (jesler)
This is something the team is actively working on. Please stay tuned. -- Joel Esler Manager, Talos Group On May 22, 2016, at 12:38 PM, TR Shaw <ts...@oitc.com> wrote: The following is safebrowsing’s test host name, malware.testing.google[.]test, and using google’s test page

Re: [clamav-users] ClamAV+exim: scanner finds not a single malware

2016-05-23 Thread Joel Esler (jesler)
-- Joel Esler Manager, Talos Group On May 23, 2016, at 1:52 PM, C.D. Cochrane <c...@post.com> wrote: My 2 cents would be that rapid traditional signature updates are not a viable solution to this long term problem. I'm pretty sure the current generation of Locky, Drid

Re: [clamav-users] ClamAV+exim: scanner finds not a single malware

2016-05-23 Thread Joel Esler (jesler)
Every AV is losing. That’s why we’re working on alternative things at the same time. -- Joel Esler Manager, Talos Group On May 23, 2016, at 2:15 PM, C.D. Cochrane <c...@post.com> wrote: Obviously going to disagree. We are pushing almost a thousand pieces of detection

Re: [clamav-users] ClamAV+exim: scanner finds not a single malware

2016-05-28 Thread Joel Esler (jesler)
So our recent improvements and detection have not produced any different result in the field? Sent from my Apple Watch On May 28, 2016, at 10:01 AM, G.W. Haywood wrote: > Hi there, > > On Mon, 23 May 2016, C.D. Cochrane wrote: > >> ... ClamAV is just ... > > and o

Re: [clamav-users] ClamAV+exim: scanner finds not a single malware

2016-05-28 Thread Joel Esler (jesler)
To be honest right now, I'm interested in threats coming out more recently. While yes, your concern is valid, I'd like to hear from someone with a more recent test set. -- Joel Esler iPhone On May 28, 2016, at 12:13 PM, Groach <groachmail-stopspammin...@yahoo.com>

Re: [clamav-users] ClamAV+exim: scanner finds not a single malware

2016-05-28 Thread Joel Esler (jesler)
A. I wish I had a fan club B. Thank you for your input. C. We'll do better. -- Joel Esler Manager, Talos Group Sent from my iPad On May 28, 2016, at 7:37 PM, Groach <groachmail-stopspammin...@yahoo.com> wrote: Ooh, Joel, I'm going to enjoy replying to this one... On

Re: [clamav-users] ClamAV+exim: scanner finds not a single malware

2016-05-30 Thread Joel Esler (jesler)
Haven't seen those in a couple years. They were big in the late 90's. -- Joel Esler iPhone On May 30, 2016, at 10:21 AM, Kris Deugau <kdeu...@vianet.ca> wrote: Groach wrote: As a side note: is anyone surprised a virus hasn't been released, embedded in a 'passwor

Re: [clamav-users] ClamAV+exim: scanner finds not a single malware

2016-05-30 Thread Joel Esler (jesler)
Users are so trained to not open those now, they are defeated, plus conviction of the file is pretty easy generically. The ones going around right now with the JavaScript inside of zip files are much more dynamic. -- Joel Esler iPhone On May 30, 2016, at 11:17 AM, Groach mailto:groachmail

Re: [clamav-users] Remove clamav-unofficial-sigs

2016-06-03 Thread Joel Esler (jesler)
> On Apr 10, 2016, at 12:10 AM, Paul Wise wrote: > >> On Wed, Apr 6, 2016 at 3:47 PM, Mathieu Parent wrote: >> 2016-04-06 6:55 GMT+02:00 Paul Wise: >>> Personally I am still waiting for clamav freshclam to properly support >>> third-party signatures, so clamav-unofficial-sigs can be a config fil

Re: [clamav-users] ClamAV-users Digest

2016-06-03 Thread Joel Esler (jesler)
This should be fixed now. -- Joel Esler Manager, Talos Group > On Mar 3, 2016, at 6:17 PM, Paul Kosinski wrote: > > Hi, > > I haven't received any Digest email since Feb 3, is the list still in > operation? > > Paul Kosinski > _

Re: [clamav-users] [Community-sigs] Remove clamav-unofficial-sigs

2016-06-10 Thread Joel Esler (jesler)
done a blog post or an email about this, so far, as we have only just begun to reach out to some of the 3rd party houses. -- Joel Esler Manager, Talos Group > On Apr 10, 2016, at 12:12 AM, Paul Wise wrote: > > On Sun, 2016-04-10 at 12:09 +0800, Paul Wise wrote: > >> [Third-

Re: [clamav-users] sinowal trojan

2016-06-30 Thread Joel Esler (jesler)
Have you submitted the file that is being detected up to ClamAV.net<http://clamav.net>? On the contact page? -- Joel Esler iPhone On Jun 30, 2016, at 1:22 PM, c chupela <cnctem...@yahoo.com> wrote: running clam av under centos 6.x, clamav version .99-3, daily.cld ve

Re: [clamav-users] ClamAV and DoD Approval

2016-07-12 Thread Joel Esler (jesler)
We've not made any special modifications to the code to enable it for use in the Government. We are glad to see that it is available for use, however. -- Joel Esler iPhone On Jul 12, 2016, at 6:56 PM, Albrecht, Thomas C <thomas.c.albre...@lmco.com> wrote: Hi, I'm h

Re: [clamav-users] ClamAV and DoD Approval

2016-07-12 Thread Joel Esler (jesler)
Every branch of govt and even every service in the DoD, up until recently, had their own approval list. -- Joel Esler iPhone On Jul 12, 2016, at 9:14 PM, TR Shaw <ts...@oitc.com> wrote: Actually they approved ClamAV for use in CI PL 4 & 5 since mid 2000s iPhone says hi!

[clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!

2016-07-13 Thread Joel Esler (jesler)
clamav-signatures.html> about how to join the program. -- Joel Esler Manager, Threat Intelligence Team & Open Source Talos Group http://www.talosintel.com

Re: [clamav-users] ERROR: Malformed database

2016-07-13 Thread Joel Esler (jesler)
Thank you Kees. We no longer test against 0.96. So, it is quite possible that 0.96 doesn’t work anymore. Time to upgrade! -- Joel Esler Manager, Threat Intelligence Team & Open Source Talos Group http://www.talosintel.com On Jul 13, 2016, at 2:06 PM, Kees Theunissen mailto:c.j.the

Re: [clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!

2016-07-13 Thread Joel Esler (jesler)
On Jul 13, 2016, at 3:06 PM, Benny Pedersen <m...@junc.eu> wrote: On 2016-07-13 20:40, Joel Esler (jesler) wrote: http://blog.clamav.net/2016/07/crdf-joins-clamav-signature-partner.html what ExtraDatabase is it in freshclam ? It’s not. It’s in the regular daily.cvd that you do

Re: [clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!

2016-07-13 Thread Joel Esler (jesler)
Why would it be silly to make life easier for millions of users? > On Jul 13, 2016, at 3:25 PM, Benny Pedersen wrote: > > On 2016-07-13 21:11, Joel Esler (jesler) wrote: > >> what ExtraDatabase is it in freshclam ? >> It’s not. It’s in the regular daily.cvd t

Re: [clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!

2016-07-13 Thread Joel Esler (jesler)
t 3:36 PM, Axb wrote: > > My guess is that Benny doens't really mean "silly" but probably is his > "special" way of saying that it would be nice to be able to opt-in to third > party sigs. > > > On 07/13/2016 09:30 PM, Joel Esler (jesler) wrote:

Re: [clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!

2016-07-13 Thread Joel Esler (jesler)
All third party signatures have the name of the third party submitter in the signature itself. For example: * Win.Malware.Agent4285353149/CRDF-1 I understand what you are saying Benny, however, we’d rather err on the side of shipping more detection to protect users. -- Joel Esler Manager

Re: [clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!

2016-07-13 Thread Joel Esler (jesler)
It basically has to do with how our signature system works. > On Jul 13, 2016, at 4:20 PM, Benny Pedersen wrote: > > On 2016-07-13 22:13, Joel Esler (jesler) wrote: >> All third party signatures have the name of the third party submitter >> in the signature

Re: [clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!

2016-07-14 Thread Joel Esler (jesler)
e program to protect more people. Protecting customers is a good thing. We're always going to try and do that. -- Joel Esler iPhone On Jul 14, 2016, at 3:21 AM, Arnaud Jacques / SecuriteInfo.com<http://SecuriteInfo.com> <webmas...@securiteinfo.com> wrote: Hello, We a

Re: [clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!

2016-07-14 Thread Joel Esler (jesler)
Arnaud, Nothing I said was negative against 3rd party signature makers. I hope you are not upset by my comments. As I said, there is a ton of good content out there, and we want to get it out to more users. As far as feedback, I'll talk to our team. -- Joel Esler iPhone On Jul 14, 201

Re: [clamav-users] CVE_2013_3860-1

2016-07-24 Thread Joel Esler (jesler)
Okay, Have you filed a false positive with us through ClamAV.net<http://ClamAV.net>? -- Joel Esler iPhone On Jul 24, 2016, at 10:15 AM, c chupela <cnctem...@yahoo.com> wrote: My Clamav installation, engine version .99, signature daily.cld updated (version: 21959, sig

Re: [clamav-users] CVE_2013_3860-1

2016-07-26 Thread Joel Esler (jesler)
It may take more than one publish cycle to drop a sig. Publish cycles are at least every four hours. -- Joel Esler iPhone On Jul 26, 2016, at 10:16 PM, Al Varnell <alvarn...@mac.com> wrote: Appears to be finally gone at this time. <http://clamav-du.securesites.net/cgi-bin

Re: [clamav-users] CVE_2013_3860-1

2016-07-26 Thread Joel Esler (jesler)
Yup. Understood. *may* bring the key word in my email. I'll ping Alain tomorrow if he can light the subject. -- Joel Esler iPhone On Jul 26, 2016, at 11:14 PM, Al Varnell <alvarn...@mac.com> wrote: I hate having to point this out, but... When Alain notified the li

Re: [clamav-users] Canot get to Virus Definition

2016-08-17 Thread Joel Esler (jesler)
You should look to using freshclam for your AV updates. -- Joel Esler Manager Talos Group http://www.talosintelligence.com > On Aug 17, 2016, at 12:00 PM, Young, Timothy R (IS) > wrote: > > I run my Linux/Unix machines in a closed envi

Re: [clamav-users] Canot get to Virus Definition

2016-08-17 Thread Joel Esler (jesler)
If you can download the ruleset manually, you can have freshclam set up to download it for you, on the same box. That being said, the daily.cvd is available here: http://www.clamav.net/downloads -- Joel Esler Manager Talos Grou

Re: [clamav-users] Canot get to Virus Definition

2016-08-17 Thread Joel Esler (jesler)
re something I should be looking for in IE > or Firefox or has this been seen before? > > Tim > > -Original Message- > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net > <mailto:clamav-users-boun...@lists.clamav.net>] On Behalf Of Joel Esler &g

Re: [clamav-users] "Signatures Published" frequency

2016-09-01 Thread Joel Esler (jesler)
These are automated publish jobs. Right now, the signature system is processing at a comfortable level, and we’d prefer not to raise the rate of publish. -- Joel Esler Manager Talos Group http://www.talosintelligence.com > On Sep 1, 2016, at 4:4

Re: [clamav-users] mirror redirect to emeksensin.com

2016-09-06 Thread Joel Esler (jesler)
Let me get with our ops team. Sent from my iPad On Sep 6, 2016, at 4:38 PM, Can Altineller <altinel...@gmail.com> wrote: Hello, I am the administrator of emeksensin.com, a Turkish arts and crafts web site. For some reason, we are getting requests from clamav us

Re: [clamav-users] mirror redirect to emeksensin.com

2016-09-06 Thread Joel Esler (jesler)
This IP has been removed from the pool. You should see it stop shortly. Sent from my iPad On Sep 6, 2016, at 4:38 PM, Can Altineller <altinel...@gmail.com> wrote: Hello, I am the administrator of emeksensin.com, a Turkish arts and crafts web site. For some reas

Re: [clamav-users] ClamAV updates

2016-09-08 Thread Joel Esler (jesler)
What mirror are you getting it from? The same one every time? Or different mirrors every time? Sent from my iPad On Sep 8, 2016, at 5:22 PM, Ed Christiansen MS <edwa...@ll.mit.edu> wrote: Greetings, I have been getting the updates off database.clamav.net

Re: [clamav-users] ClamAV updates

2016-09-09 Thread Joel Esler (jesler)
e same spot every time. However, when I went to check the mirrors today at http://www.clamav.net/mirrors.html it shows me a 404 error with a red rotating clam head. On 9/8/2016 5:23 PM, Joel Esler (jesler) wrote: What mirror are you getting it from? The same one every time? Or different mirrors

Re: [clamav-users] clamav-virusdb Update Problems?

2016-09-17 Thread Joel Esler (jesler)
Sorry all, I haven't had the chance to write the list, or put out a blog post, as I've been sick the last couple days, so I apologize. We're experiencing problems with our signature system right now as a result of some other work going on in our network. This work is extremely complex, and is

Re: [clamav-users] GPL license question

2016-09-17 Thread Joel Esler (jesler)
For example, even Apple ships ClamAV with their OS X server platform for scanning incoming email. Sent from my iPhone On Sep 17, 2016, at 11:50 AM, Borough Rumford <lmdek...@icloud.com> wrote: Hello, I know clamav is released under GPL license, and third-party commercial app shouldn't

Re: [clamav-users] It must be Friday

2016-09-24 Thread Joel Esler (jesler)
Al, This was actually my fault. One of my file processors went offline and I didn't correct it for about 12 hours. Resulted in two updates that were small or empty. I fixed it and everything should be up and moving now. Sent from my iPhone > On Sep 23, 2016, at 10:42 PM, Al Varnell wro

Re: [clamav-users] It must be Friday

2016-09-24 Thread Joel Esler (jesler)
ee hours ago. > > -Al- > >> On Sat, Sep 24, 2016 at 01:22 AM, Joel Esler (jesler) wrote: >> >> Al, >> This was actually my fault. One of my file processors went offline and I >> didn't correct it for about 12 hours. Resulted in two updates that we

Re: [clamav-users] FP: Win.Trojan.Agent-1696554 is md5sum of 2240 null bytes

2016-09-27 Thread Joel Esler (jesler)
All - This signature was my fault. It has been dropped. Should drop with the next publish and run of freshclam. > On Sep 27, 2016, at 5:46 AM, Al Varnell wrote: > > On Sep 27, 2016, at 2:26 AM, David Shrimpton > wrote: >> Is the original malware sample for which the signature was intended

Re: [clamav-users] FP: Win.Trojan.Agent-1696554 is md5sum of 2240 null bytes

2016-09-27 Thread Joel Esler (jesler)
These signatures were generated out of attachments to known bad spam files. We'll have a look. Sent from my iPhone > On Sep 27, 2016, at 8:54 PM, David Shrimpton > wrote: > >> On Wed, 28 Sep 2016, Joel Esler (jesler) wrote: >> >> All - >> >&g

Re: [clamav-users] FP: Win.Trojan.Agent-1696554 is md5sum of 2240 null bytes

2016-09-27 Thread Joel Esler (jesler)
Thank you Sent from my Apple Watch On Sep 27, 2016, at 9:07 PM, David Shrimpton wrote: > On Wed, 28 Sep 2016, Joel Esler (jesler) wrote: > >> These signatures were generated out of attachments to known bad spam files. >> We'll have a look. >>

Re: [clamav-users] FP: Win.Trojan.Agent-1696554 is md5sum of 2240 null bytes

2016-09-27 Thread Joel Esler (jesler)
Thank you David. Sent from my iPhone On Sep 27, 2016, at 10:25 PM, David Shrimpton wrote: >> These signatures were generated out of attachments to known bad spam files. >> We'll have a look. >> > > I generated the null byte files from sizes 1 to 1 and ran clamav against > them > and

Re: [clamav-users] freshclam error

2016-09-29 Thread Joel Esler (jesler)
Did anyone file a bug at bugs.clamav.net? On Sep 29, 2016, at 11:05 AM, robin.wakefi...@ubs.com wrote: Hi, We've just noticed this has started to appear in the logs too. Any clues please? Thanks, Robin -Original Message- From:

Re: [clamav-users] Feature request: show checksums of virus databases on the clamav.net website

2016-09-29 Thread Joel Esler (jesler)
We really don’t want people downloading the cvd’s through the browser directly on the website. We really want to encourage people to use Freshclam to do this. -- Joel Esler Manager Talos Group http://www.talosintelligence.com On Sep 29, 2016, at 12:21 PM, Alexey Salmin mailto:alexey.sal

Re: [clamav-users] Empty updates

2016-09-30 Thread Joel Esler (jesler)
Thanks Al. > On Sep 30, 2016, at 6:10 AM, Al Varnell wrote: > > Yes, those are empty, i.e. no New Sigs, Dropped Sigs, same number of Ignored > Sigs, no New Detection Signatures, no Dropped Detection Signatures. Empty! > On Fri, Sep 30, 2016 at 03:05 AM, Steve Basford wrote: >> >> On Fri, Sept
