We have the same problem with signatures we want to whitelist. Was this
problem ever solved?
P.
On Tue, Nov 12, 2013 at 12:39 PM, Andreas Schulze
wrote:
> Am 12.11.2013 10:06 schrieb Steve Basford:
> >
> > > We added a file "local.ign2" containing one line: "Worm.Bagle.H-zippwd-1"
> > > clams
Steve,
We try to whitelist 2 sigs
% cat local.ign2
SecuriteInfo.com.Spammer.ec-messenger.com.UNOFFICIAL
SecuriteInfo.com.Spammer.addemar.com.UNOFFICIAL
On Tue, Dec 9, 2014 at 2:28 PM, Steve Basford <
steveb_cla...@sanesecurity.com> wrote:
>
> On Tue, December 9, 2014 1:23 pm, p
Thanks Steve, that works.
On Tue, Dec 9, 2014 at 2:43 PM, Steve Basford <
steveb_cla...@sanesecurity.com> wrote:
>
> On Tue, December 9, 2014 1:33 pm, polloxx wrote:
> >
> > % cat local.ign2
> > SecuriteInfo.com.Spamm
Since more and more malware is not attached to a mail but only a URL to
it, detecting it is a challenge. Is there any good URL scanner available for
Clamav?
Thx,
P.
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
htt
Thanks to all for the suggestions. surbl rbl is already in place.
On Fri, Dec 19, 2014 at 2:36 AM, Dennis Peterson
wrote:
>
> On 12/18/14 6:29 AM, polloxx wrote:
>
>> Since more and more malware is not attached to a mail but only a URL to
>> it, detecting it is a challenge.
We use amavisd to quarantine all MS executable files, including zipped
files.
I asked a similar question on the amavis ML on 4/4/13. Replies from the
members were quite helpful:
First check if .exe extension is not commented out in
$banned_filename_re definition, then check that 'zip' is not commen
Thanks Steve.
On Thu, Feb 19, 2015 at 10:05 AM, Steve Basford <
steveb_cla...@sanesecurity.com> wrote:
> Hi All,
>
> EquationAPT is in the news... so in case this is useful...
>
> copy the following to EquationAPT.hdb:
>
> 03718676311de33dd0b8f4f18cffd488:376320:Sanesecurity.Rogue.EquationAPT.1
>
Dear,
What categories can be excluded by PUAexclude? The documentation for that
seems not available.
Thx,
P.
In http://www.clamav.net/documents/installing-clamav#requirements I read:
Optional:
GMP: for digital signatures
*cURL: for mail follow url*
Does this mean that clamav scans URLs in mails?
Thanks,
P.
Dear,
Since the migration we have no new signatures:
freshclam.log shows:
Fri Mar 18 14:34:15 2016 -> --
Fri Mar 18 14:34:15 2016 -> ClamAV update process started at Fri Mar 18
14:34:15 2016
Fri Mar 18 14:34:15 2016 -> WARNING: Your ClamAV installation is OUTDA
Thanks for the answers folks.
One last question: will the new databases still work on version 0.98.1?
On Fri, Mar 18, 2016 at 4:01 PM, Steve Basford <
steveb_cla...@sanesecurity.com> wrote:
>
> On Fri, March 18, 2016 2:05 pm, Helmut Hullen wrote:
> > Hallo, polloxx,
> >
Still no updates?
On Thu, Mar 17, 2016 at 4:24 AM, Joel Esler (jesler)
wrote:
>
> http://blog.clamav.net/2016/03/clamav-signature-interface-maintenance.html
> <http://blog.clamav.net/2016/03/clamav-signature-interface-maintenance.html?m=1>
>
> ClamAV Signature Interface maintenance is now com
Since the new Clamav database we have a lot more false positives for
PUA.Pdf.Trojan.EmbeddedJS-1 and PUA.Win.Trojan.EmbeddedPDF-1.
What can we do about this, except disabling PUA?
p.
That's known to me Steve.
I'm afraid malware will not be detected in that case.
P.
On Thu, Mar 31, 2016 at 3:43 PM, Steve Basford <
steveb_cla...@sanesecurity.com> wrote:
>
> On Thu, March 31, 2016 2:33 pm, polloxx wrote:
> > Since the new Clamav database we have a
as intended.
>
> The alternative is to communicate to your users that .pdf files
> containing javascript are not allowed in email. Unfortunately,
> *many* legit .pdf files contain javascript.
>
> This is more of a local policy decision than a tech decision.
>
>
> -- Noel Jo
On Thu, Jun 9, 2011 at 11:33 AM, Luca Gibelli wrote:
>
> Dear ClamAV users,
>
>
> This is a bugfix release recommended for all users. Please refer to the
> ChangeLog file for details.
>
> Download : http://downloads.sourceforge.net/clamav/clamav-0.97.1.tar.gz
> PGP sig : http://downloads.sourcefo
>> Any idea when the Debian package will be available?
>
> It is already available in unstable (I think it was already the day after the
> release),
> for volatile (or is it squeeze-updates now?) I don't know.
>
Edwin,
It's not in the stable a.k.a. Squeeze updates.
Dear,
One of our customers got a virus not detected by
Clamav: dhl-express-prtcopy-Delivery-Failure-Notification-HXZsVlN[...].exe
A fake DHL non-delivery report.
Other engines do detect it:
BitDefender 7.2 2011.06.27 Trojan.Zbot.1911
F-Secure 9.0.16440.0 2011.06.27 Trojan.Zbot.1911
Kaspersky
On Wed, Jun 29, 2011 at 11:45 AM, Henrik K wrote:
> On Wed, Jun 29, 2011 at 12:27:46PM +0300, Mihamina Rakotomandimby wrote:
>> > On Wed, 29 Jun 2011 11:24:24 +0200
>> > polloxx wrote:
>>
>> > Are there other users with the same problem? Any solution?
>>
On Wed, Jun 29, 2011 at 12:49 PM, Joel Esler wrote:
> If you have a sample of the file, submitting it through ClamAV's submission
> interface makes it "bubble up" so the rule writers can get to it faster.
>
> (instead of waiting for it to come through Virustotal)
>
Joel,
I did that yesterday.
Still not recognised.
On Wed, Jun 29, 2011 at 4:00 PM, Mihamina Rakotomandimby
wrote:
>> On Wed, 29 Jun 2011 12:45:37 +0300
>> Henrik K wrote:
>> So your users receive a lot of legitimate exes?
>
> Nope, exes are zipped
>
> --
> RMA.
On Mon, Jul 25, 2011 at 6:09 PM, Luca Gibelli wrote:
> Dear ClamAV users,
>
> ClamAV 0.97.2 fixes problems with the bytecode engine, Safebrowsing
> detection, hash matcher, and other minor issues. Please see
> the ChangeLog file for details.
>
> Download : http://downloads.sourceforge.net/clamav/c
Dear list,
We received a virus not detected by Clamav. VirusTotal shows a 23/43
detection ratio. Trend Micro recognises it as TROJ_GEN.R06C8AN.
Yesterday I submitted a sample to Clamav. But till now it's not detected.
https://www.virustotal.com/file/d6a2ae622adae26cc7988e68edfa6898364b423a47b8eeebb
On Tue, Jan 24, 2012 at 9:05 AM, Al Varnell wrote:
> On Jan 23, 2012, at 11:44 PM, polloxx wrote:
>
>> We received a virus not detected by Clamav. VirusTotal shows a 23/43
>> detection ratio. Trend Micro recognises it as TROJ_GEN.R06C8AN.
>> Yesterday I submitted a sample
On Tue, Jan 24, 2012 at 9:13 PM, Joel Esler wrote:
> This has been handled.
>
I noticed this. Thanks.
P.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Dear list,
How do we mark signatures as a false positive in our sig database?
Thx
P.
I will Alain,
But I want a quick way to whitelist as a shortcut, because our users
are complaining. :(
On Mon, Aug 13, 2012 at 3:23 PM, Alain Zidouemba
wrote:
> Please report your FP(s) here:
> http://www.clamav.net/lang/en/sendvirus/submit-fp/
>
> - Alain
Thanks Steve.
I also reported the FP.
On Mon, Aug 13, 2012 at 3:41 PM, Steve Basford
wrote:
>
>> I will Alain,
>>
>> But I want a quick way to whitelist as a shortcut, because our users
>> are complaining. :(
>
>
> Put the problem signature name in a file called local.ign2 and restart clamd.
>
>
Just a quick note to inform you that the FP for XF.Sic.E I submitted to
http://www.clamav.net/lang/en/sendvirus/submit-fp/ on Aug 13 is still
in the database.
Because a VirusTotal scan results in only Clamav (1/42) marking it as infected.
On Mon, Aug 27, 2012 at 4:29 PM, Alain Zidouemba
wrote:
> In the RF822 message that you sent in, found:
>
> "An Excel Formula Macro Virus (XF.Classic))
> Hydrocodone/APAP 10-650 For Your Computer
> (C) The Narkotic N
On Mon, Nov 26, 2012 at 8:25 PM, Al Varnell wrote:
> On 11/26/12 9:02 AM, "polloxx" wrote:
>
>> Are signatures for Belgian or Dutch bank-phishing mails (ING,
>> BNP-Paribas-Fortis, Belfius, etc) included in these databases?
>>
> Open the "daily" por