Re: [clamav-users] Empty updates

2016-09-30 Thread Joel Esler (jesler)
All — We are aware of an issue with rule publishing at this time. We are currently working on it, and will update the list when the problem is resolved. -- Joel Esler Manager Talos Group http://www.talosintelligence.com On Sep 30, 2016, at 9:46 AM, Joel Esler (jesler) mailto:jes

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Joel Esler (jesler)
Alex, Are you submitting these files to ClamAV? http://www.clamav.net/reports/malware -- Joel > On Oct 5, 2016, at 8:21 AM, Alex wrote: > > Hi, > I'm starting to receive emails like this: > > http://pastebin.com/HpvEcT9K > > They're not being caught by clamav or other virus filters. Is it

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Joel Esler (jesler)
> On Oct 5, 2016, at 1:54 PM, Alex wrote: > > Hi, > >> Are you submitting these files to ClamAV? >> >> http://www.clamav.net/reports/malware > > Not always, primarily because the response time has been too long. > I'll try to more attentively submit them. > It shouldn’t be anymore. This is

Re: [clamav-users] Win.Trojan.Agent-1760811 FP with ssh-agent

2016-10-11 Thread Joel Esler (jesler)
Did you file a report on the website? Sent from my iPhone > On Oct 11, 2016, at 7:34 PM, Al Varnell wrote: > > The Win.Trojan.Agent-1760811 signature released yesterday in daily - 22342 is > identifying some version of OpenSSL’s ssh-agent to be reported as infected by > at least three ClamXav

Re: [clamav-users] export classification

2016-10-11 Thread Joel Esler (jesler)
All, I'm getting a definite answer here before I throw anything out. As far as import/export, ClamAV is 100% owned by Cisco. Sent from my iPhone > On Oct 11, 2016, at 8:19 PM, Al Varnell wrote: > > That was certainly the situation in the past, but I don't see how it can > still be true i

Re: [clamav-users] Win.Trojan.Agent-1760811 FP with ssh-agent

2016-10-12 Thread Joel Esler (jesler)
I’ve dropped this sig. Thanks Al. Joel Esler jes...@cisco.com<mailto:jes...@cisco.com> On Oct 12, 2016, at 4:07 AM, Al Varnell mailto:alvarn...@mac.com>> wrote: Sorry for all the confusion. My testing earlier today was in error. OpenSSH version 7.2_p2 is in fact include

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-12 Thread Joel Esler (jesler)
Alex, I’ll follow up off list to verify what email you submitted them under. Joel Esler jes...@cisco.com<mailto:jes...@cisco.com> On Oct 12, 2016, at 8:21 AM, Alex mailto:mysqlstud...@gmail.com>> wrote: Hi Joel, On Wed, Oct 5, 2016 at 2:38 PM, Joel Esler (jesler) mailto:jes.

Re: [clamav-users] Java.Malware.Agent-1756221 false positive still detected

2016-10-12 Thread Joel Esler (jesler)
Signature has been dropped. Thank you. -- joel esler |Talos: manager|jes...@cisco.com<mailto:jes...@cisco.com> On Oct 12, 2016, at 11:44 AM, Andy Keller mailto:andykel...@decisionlens.com>> wrote: Will do, thanks. Sorry for the clutter. -- Andy Keller Cloud Security Manager |

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-19 Thread Joel Esler (jesler)
Seems logical. bugzilla.clamav.net<http://bugzilla.clamav.net> would be a good place to submit the feature request. -- Joel Esler | Talos: Manager| jes...@cisco.com<mailto:jes...@cisco.com> On Oct 19, 2016, at 9:57 AM, Heino Backhaus mailto:heino.backh...@fink-computer.de>

Re: [clamav-users] swift.doc Doc.Dropper.Agent-1776597

2016-10-19 Thread Joel Esler (jesler)
Heino, Can you clarify which sig caught it? Doc.Dropper.Agent-177659 is not an actual sig number. -- Joel Esler | Talos: Manager| jes...@cisco.com<mailto:jes...@cisco.com> On Oct 19, 2016, at 10:08 AM, Steve Basford mailto:steveb_cla...@sanesecurity.com>> wrote: On Wed

Re: [clamav-users] swift.doc Doc.Dropper.Agent-1776597

2016-10-19 Thread Joel Esler (jesler)
So to be clear, it is not detected or it is detected? -- Joel Esler | Talos: Manager| jes...@cisco.com<mailto:jes...@cisco.com> On Oct 19, 2016, at 9:50 AM, Heino Backhaus mailto:heino.backh...@fink-computer.de>> wrote: Hello List, we've received today early in the mor

Re: [clamav-users] swift.doc Doc.Dropper.Agent-1776597

2016-10-19 Thread Joel Esler (jesler)
Yup, that’s one of mine. Glad to see my system is working ;) As far as why it didn’t work, I’ll have to defer this to Steve on the dev team. -- Joel Esler | Talos: Manager| jes...@cisco.com<mailto:jes...@cisco.com> On Oct 19, 2016, at 10:16 AM, Steve Basford mailto:stev

Re: [clamav-users] Memory error

2016-10-22 Thread Joel Esler (jesler)
Correct. That version is EOL. Sent from my iPhone > On Oct 22, 2016, at 4:41 PM, Yuri Voinov wrote: > > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > First of all, upgrade. Current version is 0.99.2. Your version is simply > ancient and rancid years ago. > > > 23.10.2016 2:39,

Re: [clamav-users] Last Seven daily Updates have been almost empty

2016-10-24 Thread Joel Esler (jesler)
Thanks Al. -- Joel Esler | Talos: Manager| jes...@cisco.com<mailto:jes...@cisco.com> On Oct 24, 2016, at 2:56 AM, Al Varnell mailto:alvarn...@mac.com>> wrote: Never quite sure when I should bring this up, but daily 22415 through 22421 have included exactly one new signa

Re: [clamav-users] Last Seven daily Updates have been almost empty

2016-10-24 Thread Joel Esler (jesler)
We’re building a new daily now that should fix the issue. -- Joel Esler | Talos: Manager| jes...@cisco.com<mailto:jes...@cisco.com> On Oct 24, 2016, at 2:56 AM, Al Varnell mailto:alvarn...@mac.com>> wrote: Never quite sure when I should bring this up, but daily 22415 through

Re: [clamav-users] Documentation for creating ndb signatures?

2016-10-26 Thread Joel Esler (jesler)
Dave, Check out: https://github.com/vrtadmin/clamav-devel/blob/master/docs/signatures.pdf Thanks. -- Joel Esler | Talos: Manager| jes...@cisco.com<mailto:jes...@cisco.com> On Oct 26, 2016, at 8:45 AM, Dave McMurtrie mailto:dav...@andrew.cmu.edu>> wrote: Hi, I know it exi

Re: [clamav-users] License

2016-11-04 Thread Joel Esler (jesler)
What would you like to know? Sent from my iPhone > On Nov 4, 2016, at 4:04 PM, Michael Mckeown > wrote: > > Is there someone I could contact via email about the license or rather > could someone from clamav contact me on this email? > > Thanks. > _

Re: [clamav-users] License

2016-11-04 Thread Joel Esler (jesler)
Probably not. What did you have in mind? -- Sent from my Apple Watch > If the default license can be changed for a user for a fee. > > > On 04/11/2016 20:11, Joel Esler (jesler) wrote: >> What would you like to know? >> >> Sent from my iPhone >> >>>

Re: [clamav-users] Issue with daily-22474

2016-11-07 Thread Joel Esler (jesler)
Oh my, I apologize, it just dawned on me that I sent a note to the mirrors list, but not to the users list. A "larger than normal" cdiff to the Daily.cvd was published. Unfortunately with the timeline that we had to publish it, and my personal travel schedule, I was not able to put out a note

Re: [clamav-users] Virus Signature Submitted on 17/10/2016

2016-11-07 Thread Joel Esler (jesler)
The processing that comes in through the website is largely automated. Submitting signatures should be done through the community-sigs list, until we make a submission method through the website. Sent from my iPad > On Nov 7, 2016, at 6:45 AM, Richard McCombie > wrote: > > Good morning, >

Re: [clamav-users] Issue with daily-22474

2016-11-07 Thread Joel Esler (jesler)
le safely? Also, given the cdiff file was > approximately the same size as the entire daily db, would it have been better > simply to skip that cdiff, causing everyone to re-download a new daily.cvd? > Or is that not advisable for some reason? > > Thanks. > Mark > >>

Re: [clamav-users] Clamwin will not update or so Slow it's Impractical to try

2016-11-12 Thread Joel Esler (jesler)
Who is “they”? Us? Or ClamWin? -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Nov 12, 2016, at 5:02 PM, Rudy Stebih mailto:clamavmir...@gmail.com>> wrote: It's because their mirrors are extremely slow and they won't add any new

Re: [clamav-users] Clamwin will not update or so Slow it's Impractical to try

2016-11-13 Thread Joel Esler (jesler)
I never said that we weren’t accepting mirrors anymore. I said we aren’t accepting them right now because of internal network migration issues (we just moved in between three data centers) -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Nov 12, 2016

Re: [clamav-users] ClamAV malware report: include info from Malwr?

2016-11-16 Thread Joel Esler (jesler)
To answer the automation question, 100% of what people submit is handled automatically. It is run through our sandboxes if need be (the sandboxes used by our commercial customers), along with a ton of other factors, but yes, it's 100% automated. Humans have to deal with what cannot be automat

Re: [clamav-users] Many Empty Updates

2016-11-17 Thread Joel Esler (jesler)
Thank you Al. -- Sent from my iPhone > On Nov 17, 2016, at 6:31 AM, Al Varnell wrote: > > The last significant update was daily - 22543 posted 36 hours ago. > > Since that time there has been only one new daily signature, three new > bytecode signatures and two dropped signatures. > > -A

Re: [clamav-users] CRDF databases and clamav

2016-11-20 Thread Joel Esler (jesler)
Yes. That is correct. -- Sent from my iPhone > On Nov 20, 2016, at 11:54 AM, Rafael Ferreira wrote: > > Howdy folks, am I correct to say that based on this announcement > (http://blog.clamav.net/2016/07/crdf-joins-clamav-signature-partner.html >

Re: [clamav-users] CRDF databases and clamav

2016-11-20 Thread Joel Esler (jesler)
There are at least one or two more we are working on right now to incorporate to make everyone's lives easier, increase detection, give credit to the correct signature developer, false positives to the signature developer (when submitted into ClamAV.net). It's a win for literally everyone. --

Re: [clamav-users] CRDF databases and clamav

2016-11-20 Thread Joel Esler (jesler)
from my iPhone > On Nov 20, 2016, at 4:46 PM, Dennis Peterson wrote: > > Will the ClamAV team handle CRDF FP's and other issues? > > dp > >> On 11/20/16 11:10 AM, Joel Esler (jesler) wrote: >> There is at least one or two more we are working on right now to incor

Re: [clamav-users] FPs for Txt.Malware.Agent-XXXXX

2016-11-22 Thread Joel Esler (jesler)
Mark, Thanks for the feedback, you are right, I am experiencing some high counts in the Txt.Malware.Agent family. I’ve disabled this engine for now. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Nov 22, 2016, at 12:02 PM, Mark Allan mailto:m

Re: [clamav-users] Build ClamAV from Source for Android

2016-11-22 Thread Joel Esler (jesler)
We provide a ton of them. I had them automated for a while, but it was flooding the system, so I had to turn them off. But yes, there is plenty of mobile malware in the space, and lots of ClamAV installations are catching them via side-load. -- Joel Esler | Talos: Manager | jes...@cisco.com

Re: [clamav-users] Many Empty Updates

2016-11-23 Thread Joel Esler (jesler)
This has been fixed! -- Sent from my iPhone > On Nov 17, 2016, at 6:54 AM, Joel Esler (jesler) wrote: > > Thank you Al. > > -- > Sent from my iPhone > >> On Nov 17, 2016, at 6:31 AM, Al Varnell wrote: >> >> The last significant update was daily - 2

Re: [clamav-users] Question about Virus DB

2016-11-27 Thread Joel Esler (jesler)
Al nailed it. -- Sent from my iPhone > On Nov 27, 2016, at 1:15 AM, Al Varnell wrote: > > That's an easy one. As I understand its history, ClamAV was originally > designed to scan incoming messages to e-mail servers. Since it's impossible > to know the final destination platform of these me

Re: [clamav-users] FPs for Txt.Malware.Agent-XXXXX

2016-11-28 Thread Joel Esler (jesler)
Mark, Thanks. I’ve set these to drop, so they should disappear in an upcoming release. Not sure why they were convicted in the first place, I have safeguards that should have prevented this, I’ll look into it. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.

Re: [clamav-users] FPs for Txt.Malware.Agent-XXXXX

2016-11-28 Thread Joel Esler (jesler)
When I say “disable an engine” I mean, disabling the conviction engine on my side that convicts those files. It’s been turned off for several days now. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Nov 23, 2016, at 6:23 AM, Al Varnell mailto:

Re: [clamav-users] Bytecode Update [was:Many Empty Updates]

2016-11-28 Thread Joel Esler (jesler)
They have been added now, thanks Al for pointing this out to us. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Nov 23, 2016, at 6:31 AM, Al Varnell mailto:alvarn...@mac.com>> wrote: Although I didn't receive any feedback on this one, I did

Re: [clamav-users] feedback on Installing ClamAV instructions

2016-11-28 Thread Joel Esler (jesler)
, or, more directly, a pull request into the clamav-faq on GitHub. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Nov 22, 2016, at 10:36 PM, timeless mailto:timel...@gmail.com>> wrote: Hi. Please forgive this long critique of Installing ClamAV [1].

Re: [clamav-users] FP Pdf.Exploit.CVE_2016_1091-2

2016-11-30 Thread Joel Esler (jesler)
Gene, Al was simply asking, as he knows we may ask, and it helps us identify the file faster. Otherwise we have to search through and look for the sender email, which sometimes does not match up. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On

Re: [clamav-users] FP Pdf.Exploit.CVE_2016_1091-2

2016-11-30 Thread Joel Esler (jesler)
The team is working on this, as we speak. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Nov 30, 2016, at 10:23 AM, Jeff Dyke mailto:jeff.d...@gmail.com>> wrote: Thanks Joel and Al, hopefully my hashes, files and virustotal urls are helpful.

Re: [clamav-users] FP Pdf.Exploit.CVE_2016_1091-2

2016-12-01 Thread Joel Esler (jesler)
Thanks for the feedback Jeff. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Nov 30, 2016, at 6:16 PM, Jeff Dyke mailto:jeff.d...@gmail.com>> wrote: Just a user or not Al, thanks for the quick update!! Also thank you to the folks that looked

Re: [clamav-users] db.at.clamav.net

2016-12-01 Thread Joel Esler (jesler)
Thanks. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Dec 1, 2016, at 6:52 AM, Al Varnell mailto:alvarn...@mac.com>> wrote: Confirming no response to Ping, Traceroute or Port Scan. Lookup 81.223.20.171 -> clamav.inode.at<http://clama

Re: [clamav-users] How to Mass Submit Virus Samples?

2016-12-02 Thread Joel Esler (jesler)
What amount of samples are we talking? Do you want to submit whole spam or just the attachments? -- Sent from my iPhone > On Dec 2, 2016, at 5:46 AM, Benoit Panizzon wrote: > > Hello ClamAvers! > > I work at an ISP and we operate a large email infrastructure. We use > ClamAV as our mail vir

Re: [clamav-users] How to Mass Submit Virus Samples?

2016-12-02 Thread Joel Esler (jesler)
We can accept either the attachments or the entire spam email. We also run the spamcop.org anti-spam project, and that helps us tremendously as well. But if you are willing to send us samples, we can get you set up as a mass submitter, and you can mail them to us. -- Sent from my iPhone

Re: [clamav-users] How to Mass Submit Virus Samples?

2016-12-02 Thread Joel Esler (jesler)
We set up each mass submitter with a different address in the system. It's not a shared address. -- Sent from my iPhone > On Dec 2, 2016, at 7:26 AM, Arnaud Jacques / SecuriteInfo.com > wrote: > > Hi Joel, > >> But if you are willing to send us samples, we can get you set up as a mass >> s

Re: [clamav-users] How to Mass Submit Virus Samples?

2016-12-02 Thread Joel Esler (jesler)
I meant spamcop.net. Not .org. Sorry about that. -- Sent from my iPhone > On Dec 2, 2016, at 7:19 AM, Joel Esler (jesler) wrote: > > We can accept either the attachments or the entire spam email. We also run > the spamcop.org anti-spam project, and that helps us tremendo

Re: [clamav-users] Question about Repairing infected files

2016-12-04 Thread Joel Esler (jesler)
Most are hash? Sure. They are auto generated. But there are still a good bit of more advanced signatures shipping every day On Dec 4, 2016, 7:06 AM -0500, Al Varnell , wrote: On Dec 3, 2016, at 9:02 PM, crazy thinker wrote: Hi All, It is known that ClamAV uses Pattern Matching to Catch infecte

Re: [clamav-users] bugzilla security certificate

2016-12-07 Thread Joel Esler (jesler)
Thanks Steve, I’ve opened a ticket for review. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Dec 7, 2016, at 11:42 AM, Steve Basford mailto:steveb_cla...@sanesecurity.com>> wrote: Just a quick one... in case it confuses visitors to Bugzilla.

Re: [clamav-users] clamav remote server / client setup scenario

2016-12-07 Thread Joel Esler (jesler)
What you are looking for is the ability to set up a private mirror. http://www.clamav.net/documents/private-local-mirrors -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Dec 7, 2016, at 12:19 PM, Priya Seth mailto:se...@us.ibm.com>> wrote: H

Re: [clamav-users] Building ClamAV for Android PC

2016-12-10 Thread Joel Esler (jesler)
Throughout the years of the project we've had many people say they want to do this, but I've never heard of anyone that actually has. -- Sent from my iPhone > On Dec 10, 2016, at 12:14 PM, crazy thinker wrote: > > Hi All, > > i have installed remix os on personal laptop for experimental wor

Re: [clamav-users] bugzilla security certificate

2016-12-11 Thread Joel Esler (jesler)
ClamAV is not the only project we run. When you all (or we) discover an issue, I take that information, file a ticket with our operations team, and the issues are resolved as we get to them, just like any other infrastructure. Not only do we run ClamAV, but we run Snort, and entire Talos infra

Re: [clamav-users] Question on attachments

2016-12-12 Thread Joel Esler (jesler)
File types are based upon their contents. Not their extensions. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Dec 12, 2016, at 11:43 AM, TR Shaw mailto:ts...@oitc.com>> wrote: How does ClamAV decide to unpack an attachment? In particula

Re: [clamav-users] Central management server?

2016-12-14 Thread Joel Esler (jesler)
This is probably found exclusively in an enterprise system. We have it in our AMP product that we sell (which uses ClamAV as one of its engines), but I am not aware of any free enterprise management of AV software. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.

Re: [clamav-users] the problem of endless loop

2016-12-20 Thread Joel Esler (jesler)
The 0.97.x tree is EOL: http://blog.clamav.net/2016/05/clamav-097-engine-end-of-life.html I recommend upgrading to a newer version. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Dec 19, 2016, at 6:56 PM, Tsutomu Oyamada mailto:oyam...@promark-i

Re: [clamav-users] Probable False Positive - OpenJDK-1.8 nashorn.jar : Win.Trojan.Toa-5370166-0

2016-12-26 Thread Joel Esler (jesler)
We QA against thousands of clean files for each signature. But we don't have a copy of every file in the world to QA against. When people send in false positives, if we determine them to be actually clean, we add them to the FP farm as well. That's why FPs are important to send in, not just

Re: [clamav-users] Probable False Positive - OpenJDK-1.8 nashorn.jar : Win.Trojan.Toa-5370166-0

2016-12-26 Thread Joel Esler (jesler)
I believe that signature has been dropped. -- Sent from my iPhone > On Dec 26, 2016, at 11:08 PM, Christian Balzer wrote: > > > Hello, > >> On Tue, 27 Dec 2016 03:06:31 + Joel Esler (jesler) wrote: >> >> We QA against thousands of clean files for each

Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

2016-12-27 Thread Joel Esler (jesler)
Are you able to submit the files via the website? -- Sent from my Apple Watch On Dec 27, 2016, at 3:08 PM, Adnan de Castro Donato wrote: > > In keeping with one false positive reports > I have 8 CentOS servers report below after Signatures Published daily - 22782 > update: > > All attachme

Re: [clamav-users] Submitted false-negative still not detected

2016-12-27 Thread Joel Esler (jesler)
Alex, Regarding the ticket and confirmation piece, we are working on that. -- Sent from my iPhone > On Dec 27, 2016, at 8:21 PM, Alex wrote: > > Hi, > > I submitted a false-negative a few days ago and it still is not > detected after the most recent update. It would be helpful for these >

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Joel Esler (jesler)
I'm not dismissing anything. (Except the notion that I am dismissing things). I know one of our guys is monitoring the list during the holiday. I'll ping him. -- Sent from my iPhone > On Dec 29, 2016, at 7:07 AM, Groach > wrote: > >> On 29/12/2016 09:32, Reindl Harald wrote: >> >>> Am 2

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Joel Esler (jesler)
We are showing that all Toa signatures have been dropped. Please run freshclam to drop the sigs. -- Sent from my iPhone > On Dec 29, 2016, at 8:03 AM, Joel Esler (jesler) wrote: > > I'm not dismissing anything. (Except the notion that I am dismissing things). > I know o

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Joel Esler (jesler)
Because the address is bugzilla.clamav.net. This will be fixed by removing the bugs.clamav.net dns entry. But I don't want to remove it until the links inside the tarball + any documentation has been adjusted to say bugzilla. -- Sent from my iPhone > On Dec 29, 2016, at 10:05 AM, Benny P

Re: [clamav-users] Grizzly Steppe

2017-01-05 Thread Joel Esler (jesler)
Where did you send them? -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Jan 4, 2017, at 7:12 PM, TR Shaw mailto:ts...@oitc.com>> wrote: I have offered sigs to ClamAV official but have heard nothing back yet. On Jan 4, 2017, at 6:52 PM, Er

Re: [clamav-users] Grizzly Steppe

2017-01-05 Thread Joel Esler (jesler)
AMP has far more coverage than ClamAV. As the coverage can be generated much more quickly and without a DB to download, it happens in real time. As far as coverage for ClamAV, and Alain can correct me if I am wrong, I believe coverage has been pushed out. -- Joel Esler | Talos: Manager | jes

Re: [clamav-users] Old virus databases?

2017-01-05 Thread Joel Esler (jesler)
I’d have to check, I am not sure we retain those. I don’t think they are available publicly anywhere either. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Jan 5, 2017, at 1:39 PM, Michael Howard mailto:mhow...@cra.com>> wrote: Hello. The Cla

Re: [clamav-users] Grizzly Steppe

2017-01-06 Thread Joel Esler (jesler)
http://blog.talosintel.com/2017/01/grizzly-steppe.html -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Jan 5, 2017, at 11:40 AM, Joel Esler (jesler) mailto:jes...@cisco.com>> wrote: AMP has far more coverage than ClamAV. As the coverage can

Re: [clamav-users] Clam AV Integration with Thunderbird

2017-01-08 Thread Joel Esler (jesler)
What about on-access scanning ClamAV for Linux? -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Jan 8, 2017, at 11:25 AM, Groach mailto:groachmail-stopspammin...@yahoo.com>> wrote: What you are talking about is a REALTIME protection which clam i

Re: [clamav-users] Submitting False Negatives

2017-01-11 Thread Joel Esler (jesler)
Are you using the most updated version of the tool? It should work. -- Sent from my iPhone > On Jan 11, 2017, at 11:07 AM, Tim Tepatti wrote: > > Hello, > > I recently started using ClamAV and have a small database of virus samples > on my computer. I noticed that when scanning some of these

Re: [clamav-users] Potentially False Positive, but I lost the file!

2017-01-21 Thread Joel Esler (jesler)
Groach -- Sent from my iPhone > On Jan 21, 2017, at 10:43 AM, Groach > wrote: > > I would put my house on that it was a false positive 100%. Reasons for > saying so: > > 1, It was a windows installation CD > 2, It's a file nearly 20 years old > 3, Clam signatures couldn't detect water in a

Re: [clamav-users] Potentially False Positive, but I lost the file!

2017-01-21 Thread Joel Esler (jesler)
-- Sent from my iPhone > On Jan 21, 2017, at 11:16 AM, Alain Zidouemba > wrote: > > Antonio, > > Unfortunately, I can't find any record of us having ever published > Win.Trojan.Agent-18112140. > Could the name of the signature that caused the FP be slightly different? > > Alain > > On Sat,

Re: [clamav-users] Potentially False Positive, but I lost the file!

2017-01-21 Thread Joel Esler (jesler)
providing detection to others, helping others with their installs, helping with development, etc. This is a free project, so I can't offer you a refund. -- Sent from my iPhone On Jan 21, 2017, at 4:55 PM, Groach mailto:groachmail-stopspammin...@yahoo.com>> wrote: On 21/01/2017 18:4

Re: [clamav-users] Daily 23161 broke Clam

2017-03-03 Thread Joel Esler (jesler)
A new daily with the Sig dropped. Probably what we will do to prevent this from happening again, is to have 0.99.3 (the upcoming version) require pcre 7. How does that sound? -- Sent from my iPhone > On Mar 3, 2017, at 18:08, Chris Conn wrote: > > Hello, > > I hope you don't mind my cont

Re: [clamav-users] Daily 23161 broke Clam

2017-03-03 Thread Joel Esler (jesler)
mply > disable pcre support in previous version of clamd that have not been upgraded? > > Thanks, > > Chris > >> On 3/3/2017 6:13 PM, Joel Esler (jesler) wrote: >> A new daily with the Sig dropped. >> >> Probably what we will do to prevent this

Re: [clamav-users] Daily 23161 broke Clam

2017-03-04 Thread Joel Esler (jesler)
We cannot be tied to distribution support problems. -- Sent from my iPhone > On Mar 4, 2017, at 17:44, Benny Pedersen wrote: > > Leonardo Rodrigues skrev den 2017-03-04 23:12: >> is clamav a redhat product ?!?! I don't think so. That being said, i >> see absolutely no point at all on saying cl

Re: [clamav-users] R: Re: ClamAV for windows: GUI and chocolatey package

2017-03-05 Thread Joel Esler (jesler)
We make Immunet. It combines a cloud based detection engine with the offline capability of clamav. It's extremely effective and free. -- Sent from my iPhone > On Mar 5, 2017, at 05:46, "erotavlas_tu...@libero.it" > wrote: > > Hi, > whenever it is possible, I prefer to avoid using closed

Re: [clamav-users] Daily 23161 broke Clam

2017-03-05 Thread Joel Esler (jesler)
I am still interested in people's feedback, as right now, this thread seems to be about 50/50 (in requiring pcre 7) -- Sent from my iPhone > On Mar 5, 2017, at 06:39, Ned Slider wrote: > >> On 04/03/17 22:54, Joel Esler (jesler) wrote: >> We cannot be tied to distribution

Re: [clamav-users] R: Re: R: Re: ClamAV for windows: GUI and chocolatey package

2017-03-05 Thread Joel Esler (jesler)
V for windows which is all except that > free > and user privacy friendly, I can take a look at immunet. > Can you tell me if immunet uses ads, adware and something similar? > > Thank you > > >> Messaggio originale >> Da: "Joel Esler (jesler)"

Re: [clamav-users] Daily 23161 broke Clam

2017-03-06 Thread Joel Esler (jesler)
ng missed. -- Sent from my iPhone > On Mar 5, 2017, at 22:29, Noel Jones wrote: > >> On 3/5/2017 6:51 AM, Joel Esler (jesler) wrote: >> The question here is, do we strive to make a package that is installable on >> more machines, (even ones that are going EOL?), or do we st

Re: [clamav-users] (no subject)

2017-03-09 Thread Joel Esler (jesler)
These come in spurts. When we suddenly get a rash of 50-100 new people on the list for whatever reason, we get one or two of these. Part of being a member of a community. It sucks that we have these every now and again, and it can be annoying, but we just guide them to the exit and call i

Re: [clamav-users] ClamAV for windows: GUI and chocolatey package

2017-03-13 Thread Joel Esler (jesler)
On Mar 5, 2017, at 6:01 PM, Benny Pedersen mailto:m...@junc.eu>> wrote: Joel Esler (jesler) skrev den 2017-03-05 13:42: We make Immunet. It combines a cloud based detection engine with the offline capability of clamav. It's extremely effective and free. windows only imho :

Re: [clamav-users] Reporting malware/false negatives

2017-03-21 Thread Joel Esler (jesler)
Inline. -- Sent from my iPhone > On Mar 21, 2017, at 20:27, Alex wrote: > > Hi, I reported an encrypted word macro virus this morning, and this > evening it is still not detected by sanesecurity or clamav proper. > > How long does it typically take for a sample to be analyzed and a > pattern

Re: [clamav-users] Reporting malware/false negatives

2017-03-22 Thread Joel Esler (jesler)
I just added Doc.Dropper.Agent-6136130-0 to the scan system, it should be published today. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Mar 22, 2017, at 9:43 AM, Alex mailto:mysqlstud...@gmail.com>> wrote: Hi, How long does it typicall

Re: [clamav-users] False Positive of IObit product by ClamAV

2017-03-31 Thread Joel Esler (jesler)
This signature has been dropped. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Mar 31, 2017, at 3:44 AM, Arnaud Jacques / SecuriteInfo.com<http://SecuriteInfo.com> mailto:webmas...@securiteinfo.com>> wrote: Received this message : -

Re: [clamav-users] Reporting malware/false negatives

2017-04-03 Thread Joel Esler (jesler)
Both of these have been marked and should ship in an upcoming CVD. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Apr 2, 2017, at 4:44 PM, Alex mailto:mysqlstud...@gmail.com>> wrote: Hi, I submitted a number of encrypted word macro viruses wit

Re: [clamav-users] Manual cdiff update procedure

2017-04-06 Thread Joel Esler (jesler)
Why would freshclam not be used? -- Sent from my iPhone > On Apr 6, 2017, at 07:36, venkat swaminathan wrote: > > Thanks Allan, > Mentioned below is my current progress. > all in /tmp/clam folder > > sigtool --unpack-current=daily (Unpacked Existing CVD from /var/lib/clam) > sigtool --verify-c

Re: [clamav-users] Question about .cvd files

2017-04-12 Thread Joel Esler (jesler)
said in #2. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Apr 12, 2017, at 12:13 PM, crazy thinker mailto:crazythinke...@gmail.com>> wrote: Hi ClamAV Developer, users I have below Questions on ClamAV Virus Database 1.what information bytecode.c

Re: [clamav-users] Identify Threat Risk Level with ClamAV

2017-04-14 Thread Joel Esler (jesler)
Wouldn’t all malware be a large risk? -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Apr 14, 2017, at 12:47 AM, crazy thinker mailto:crazythinke...@gmail.com>> wrote: Hi ClamAV Developers,Users I know that ClamAV is a very powerful anti-virus

Re: [clamav-users] Sporadic signature frequency

2017-04-17 Thread Joel Esler (jesler)
, all of which require development, time, and bandwidth: 1. Make a new main.cvd and push it out (easiest fix) 2. Optimize how we do deletes But the beginning of this email is the reason. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Apr 15, 2017, at 11

Re: [clamav-users] Sporadic signature frequency

2017-04-17 Thread Joel Esler (jesler)
It's an optimization to how we do deletes on the backend build. Nothing forward facing. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Apr 17, 2017, at 2:01 PM, Rafael Ferreira mailto:r...@uvasoftware.com>> wrote: Thanks Joel, that makes sens

Re: [clamav-users] ClamAV for EnterPrise

2017-04-19 Thread Joel Esler (jesler)
All -- ClamAV does not have any plans on making an enterprise version or management console. We make a commercial product for that, which also uses ClamAV in its engine. I think that settles the conversation. -- Sent from my iPhone > On Apr 19, 2017, at 04:08, Reindl Harald wrote: > >

Re: [clamav-users] ClamAV for EnterPrise

2017-04-19 Thread Joel Esler (jesler)
: Re: [clamav-users] ClamAV for EnterPrise >> >> @Joel >> >> That sounds good, but ClamAV is open source... how can we use it in a >> commercial product? >> >>> On 19 April 2017 at 17:07, Joel Esler (jesler) wrote: >>> >>> All -- >>>

Re: [clamav-users] ClamAV for EnterPrise

2017-04-19 Thread Joel Esler (jesler)
Alright all — I think the conversation and arguing have gone on long enough and we’ve beaten not only the topic to death, but the topics after the topic are now dead as well. I’ve received enough complaints at this point to call a truce. -- Joel Esler | Talos: Manager | jes...@cisco.com

Re: [clamav-users] Another possible FP?

2017-04-23 Thread Joel Esler (jesler)
Are they FPs? Or just alerts? -- Sent from my iPhone > On Apr 23, 2017, at 14:17, "ad...@web-envy.com" wrote: > > I can confirm that today I did not get any of these FPs, however I am > getting a bunch of these instead. A lot of them are on older email messages > that look like normal messages

Re: [clamav-users] ClamAV for EnterPrise

2017-04-24 Thread Joel Esler (jesler)
our false positive system, which we are continually working on. -- Joel Esler | Talos: Manager | jes...@cisco.com On Apr 20, 2017, at 12:49 AM, Al Varnell <alvarn...@mac.com> wrote: Benny, Obviously Joel is in a better position to answer the

Re: [clamav-users] Mirror problem

2017-04-24 Thread Joel Esler (jesler)
Thanks Ted. -- Joel Esler | Talos: Manager | jes...@cisco.com On Apr 20, 2017, at 2:48 PM, Ted Hatfield <t...@io-tx.com> wrote: On Thu, 20 Apr 2017, Kristen R. wrote: On 4/20/17 7:42 AM, Dennis Peterson wrote: Anyone else seeing this? Sat

Re: [clamav-users] Mirror problem

2017-04-24 Thread Joel Esler (jesler)
I’ve created a ticket for removal for our operations team. -- Joel Esler | Talos: Manager | jes...@cisco.com On Apr 20, 2017, at 2:48 PM, Ted Hatfield <t...@io-tx.com> wrote: On Thu, 20 Apr 2017, Kristen R. wrote: On 4/20/17 7:42 AM, Dennis Pe

Re: [clamav-users] No Signature updates for 30 hours?

2017-05-01 Thread Joel Esler (jesler)
Thanks all for this, it should be fixed now. -- Joel Esler | Talos: Manager | jes...@cisco.com On May 1, 2017, at 9:21 AM, Mark Allan <markjal...@gmail.com> wrote: It looks like there's a problem with the DNS text record not updating pro

Re: [clamav-users] Different results: Clamscan vs ClamWin

2017-05-02 Thread Joel Esler (jesler)
First thing I notice is that you are running two different versions of ClamAV. -- Sent from my iPhone > On May 2, 2017, at 20:08, Rafael Ferreira wrote: > > Can you tell us which virus you encountered? Also can you validate that the > file has the same checksum in both windows and Linux? >

Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Joel Esler (jesler)
We already distribute some third party feeds into the official database; we have a program for that which can be found on our website. We would love to incorporate Sanesecurity's feed, all they have to do is give us the okay to do it. -- Sent from my iPhone > On May 4, 2017, at 07:29, craz

Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Joel Esler (jesler)
We'd have to evaluate which feeds would be appropriate for the ClamAV Db. The more coverage the better, with fewest false positives. -- Sent from my iPhone > On May 4, 2017, at 08:04, Benny Pedersen wrote: > > Joel Esler (jesler) skrev den 2017-05-04 13:52: >> We alr

Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Joel Esler (jesler)
3rd party signatures distributed by us are signed. -- Sent from my iPhone > On May 4, 2017, at 08:27, Benny Pedersen wrote: > > Joel Esler (jesler) skrev den 2017-05-04 14:19: >> We'd have to evaluate which feeds would be appropriate for the ClamAV >> Db. The more

Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Joel Esler (jesler)
sigs) The hash based sigs are a method for us to automatically get sigs out right now instead of later. As we all have other things we are doing. -- Joel Esler | Talos: Manager | jes...@cisco.com On May 4, 2017, at 5:57 PM, Benny Pedersen <m...@j
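To make the hash-based signatures mentioned above concrete, here is an added example (not ClamAV's code and not from any post in this thread) that creates and matches .hdb/.hsb-style lines. It assumes the documented formats, `MD5:FileSize:MalwareName` for .hdb and `SHA1-or-SHA256:FileSize:MalwareName` for .hsb, with FileSize in bytes or `*` for any size (the wildcard needs functionality level 73, i.e. engine 0.98 or later); `sigtool --md5 FILE`, `--sha1` and `--sha256` print exactly such lines. The sample "files" are constructed byte strings, one of them the EICAR test string, and the signature names are placeholders rather than names from the real database.

```python
"""Create and match ClamAV hash-based signatures (.hdb / .hsb lines).

Added example, not ClamAV's own code. Assumes the documented line formats
  .hdb  MD5:FileSize:MalwareName
  .hsb  SHA1-or-SHA256:FileSize:MalwareName
where FileSize is bytes or "*" (any size). Samples and names are constructed.
"""
import hashlib
from dataclasses import dataclass
from typing import Optional

# Digest length in hex characters identifies the algorithm, as in .hsb files.
ALGO_BY_HEXLEN = {32: "md5", 40: "sha1", 64: "sha256"}
HEX = set("0123456789abcdef")


@dataclass(frozen=True)
class HashSig:
    digest: str
    size: Optional[int]  # None means "*"
    name: str


def make_sig(data: bytes, name: str, algo: str = "md5") -> str:
    """The line `sigtool --md5/--sha1/--sha256` would print for `data`."""
    if algo not in ALGO_BY_HEXLEN.values():
        raise ValueError(f"unsupported hash {algo}")
    return f"{hashlib.new(algo, data).hexdigest()}:{len(data)}:{name}"


def parse_sig(line: str) -> HashSig:
    """Validate one signature line; trailing optional fields are ignored."""
    parts = line.strip().split(":")
    if len(parts) < 3:
        raise ValueError(f"malformed hash signature: {line!r}")
    digest, size, name = parts[0].lower(), parts[1], parts[2]
    if len(digest) not in ALGO_BY_HEXLEN or not set(digest) <= HEX:
        raise ValueError(f"bad digest in: {line!r}")
    if size != "*" and not size.isdigit():
        raise ValueError(f"bad size in: {line!r}")
    return HashSig(digest, None if size == "*" else int(size), name)


def load_db(text: str) -> list:
    """Skip blank and '#' comment lines, parse the rest."""
    return [parse_sig(ln) for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]


def scan(data: bytes, db: list) -> Optional[str]:
    """Cheap size filter first, then hash once per algorithm actually needed."""
    digests = {}
    for sig in db:
        if sig.size is not None and sig.size != len(data):
            continue
        algo = ALGO_BY_HEXLEN[len(sig.digest)]
        if algo not in digests:
            digests[algo] = hashlib.new(algo, data).hexdigest()
        if digests[algo] == sig.digest:
            return sig.name
    return None


# Constructed samples: the EICAR test string and a fake, harmless "dropper".
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
DROPPER = b"MZ\x90\x00" + b"\x00" * 60 + b"constructed sample, not real malware"

SAMPLE_DB = "\n".join([
    "# constructed .hdb/.hsb mix for the example",
    make_sig(EICAR, "Example.Eicar-1"),                          # .hdb, exact size
    make_sig(DROPPER, "Example.Dropper-1", "sha256"),            # .hsb, exact size
    hashlib.sha1(DROPPER).hexdigest() + ":*:Example.Dropper-AnySize",  # wildcard size
])

if __name__ == "__main__":
    db = load_db(SAMPLE_DB)
    for sample in (EICAR, DROPPER, DROPPER + b"\x00"):
        print(scan(sample, db))
```

The size field is what makes these signatures cheap to check at scale: a scanner can reject most files on length alone before hashing anything, which is also why a single appended byte defeats a hash signature, the limitation the thread's "hash based sigs ... right now instead of later" remark is trading against.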

Re: [clamav-users] LibClamAV Warning

2017-05-06 Thread Joel Esler (jesler)
I thought this was fixed. -- Sent from my iPhone > On May 6, 2017, at 14:01, Rudy Stebih wrote: > > I filed a bug report for this. Bug #11837 > > Cheers, > Rudy > > >> On Wed, May 3, 2017 at 1:25 PM, David Raynor wrote: >> >> Bump for visibility. I figure someone from your team should g
