[clamav-users] Submissions being rejected :-(
This is the mail system at host si01.clam.sourcefire.com. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster If you do so, please include this problem report. You can delete your own text from the attached returned message. The mail system redac...@si01.clam.sourcefire.com: Command time limit exceeded: /usr/bin/procmail -a $EXTENSION Reporting-MTA: dns; si01.clam.sourcefire.com X-Postfix-Queue-ID: AFFB830014 X-Postfix-Sender: rfc822; ts...@oitc.com Arrival-Date: Tue, 21 Jan 2014 08:55:35 -0500 (EST) ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
Re: [clamav-users] Submissions being rejected :-(
Our OPs team are reporting that this issue is now fixed. Could you please try your submission again? Thanks Tom On Tue, Jan 21, 2014 at 8:52 AM, TR Shaw ts...@oitc.com wrote: This is the mail system at host si01.clam.sourcefire.com. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster If you do so, please include this problem report. You can delete your own text from the attached returned message. The mail system redac...@si01.clam.sourcefire.com: Command time limit exceeded: /usr/bin/procmail -a $EXTENSION Reporting-MTA: dns; si01.clam.sourcefire.com X-Postfix-Queue-ID: AFFB830014 X-Postfix-Sender: rfc822; ts...@oitc.com Arrival-Date: Tue, 21 Jan 2014 08:55:35 -0500 (EST) ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml -- Senior Research Engineer SourceFire Vulnerability Research Team ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
[clamav-users] Heuristics.Safebrowsing.Suspected false-positive help
Hi, I received a number of messages on the 17th that were tagged incorrectly with: X-Amavis-Alert: INFECTED, message contains virus: Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net I tried to figure out what the pattern was, but apparently it no longer exists? # sigtool --find-sigs Heuristics.Safebrowsing | sigtool --decode-sigs I've tried variations of this, but was unable to locate any signs of it. What is the proper way to search for this particular pattern, and does anyone have any info on what it might have been on the 17th that would cause such a false-positive? Thanks, Alex ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
Re: [clamav-users] Heuristics.Safebrowsing.Suspected false-positive help
On Jan 21, 2014, at 10:40 AM, Alex mysqlstud...@gmail.com wrote: I received a number of messages on the 17th that were tagged incorrectly with: X-Amavis-Alert: INFECTED, message contains virus: Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net I tried to figure out what the pattern was, but apparently it no longer exists? There is no specific pattern responsible for the Heuristics type. Basically, it generally indicates that the email contains URLs which take one to a different site than what is being displayed to the user. The safebrowsing string also suggests that one of the domains in question was listed on Google's blacklist of sites containing suspected malware. Regards, -- -Chuck ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
Re: [clamav-users] Heuristics.Safebrowsing.Suspected false-positive help
This might help shed some light: https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-safebrowsing.md If you can locate the safebrowsing.cvd on your computer, you can unpack it with sigtool and view at the contents. On Tue, Jan 21, 2014 at 1:40 PM, Alex mysqlstud...@gmail.com wrote: Hi, I received a number of messages on the 17th that were tagged incorrectly with: X-Amavis-Alert: INFECTED, message contains virus: Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net I tried to figure out what the pattern was, but apparently it no longer exists? # sigtool --find-sigs Heuristics.Safebrowsing | sigtool --decode-sigs I've tried variations of this, but was unable to locate any signs of it. What is the proper way to search for this particular pattern, and does anyone have any info on what it might have been on the 17th that would cause such a false-positive? Thanks, Alex ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
[clamav-users] Vote for ClamAV as the Sourceforge Project of the Month!
Sourceforge has fired up their monthly Project of the Month process again, and they were kind enough to choose ClamAV for this months vote! You can read more about the process on their blog post here: https://sourceforge.net/blog/revival-of-weekly-featured-projects-and-project-of-the-month-voting/ And you can cast your vote here: https://sourceforge.net/p/potm/discussion/vote/thread/7d522915/ Thanks to everyone who supports the ClamAV project, get out and vote! (Note: You must be a member of Sourceforge, and must be logged in, to vote.) -- Joel Esler Intelligence Lead Open Source Manager Vulnerability Research Team ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml