Perhaps I'm missing it, but I didn't see any attachment.

--Mark

On 5/17/2017 1:46 PM, João Gouveia wrote:
Those rules are known for FP'ing a lot.
Here's a different set you might want to check, courtesy of ReversingLabs (attached).

On Wed, May 17, 2017 at 6:10 AM, Mark Foley <mfo...@novatec-inc.com> wrote:

I added the yara script published by Homeland security to the clamav database
directory. I believe I am getting a substantial number of false positives on
this including messages containing PDF and JPG attachments, the latter known to
be OK.

$ clamscan "/home/HPRS/mpress/Maildir/.Sent Items/cur/1486141726.M192155P10931.mail,S=188385,W=191025:2,S"
/home/HPRS/mpress/Maildir/.Sent Items/cur/1486141726.M192155P10931.mail,S=188385,W=191025:2,S: YARA.Wanna_Cry_Ransomware_Generic.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------
Known viruses: 6284977
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.95 MB
Data read: 0.18 MB (ratio 5.42:1)
Time: 7.567 sec (0 m 7 s)

Is anyone else using this rule seeing this?

--Mark
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
