Re: [clamav-users] FP Ppt.Exploit.CVE_2017_0199-6336815-1

2017-10-05 Thread Joel Esler (jesler)
This signature was fixed this morning.

Sent from my iPhone

On Oct 5, 2017, at 5:03 PM, Al Varnell wrote:

Please don't include signatures that apply to all file types in your email to 
the list as the message gets marked as infected. I'm sure some of the 
intermediate servers will reject the message, as well.

-Al-

On Thu, Oct 05, 2017 at 01:59 PM, Vincent Fox wrote:
Hi,

Getting hits today on this entry in daily.cld.

[root@smtp1 clamav]# sigtool --find-sigs Ppt.Exploit.CVE_2017_0199-6336815-1 | sigtool --decode-sigs

Thanks!
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] FP Ppt.Exploit.CVE_2017_0199-6336815-1

2017-10-05 Thread Al Varnell
Please don't include signatures that apply to all file types in your email to 
the list as the message gets marked as infected. I'm sure some of the 
intermediate servers will reject the message, as well.

-Al-

On Thu, Oct 05, 2017 at 01:59 PM, Vincent Fox wrote:
> Hi,
> 
> Getting hits today on this entry in daily.cld.
> 
> [root@smtp1 clamav]# sigtool --find-sigs Ppt.Exploit.CVE_2017_0199-6336815-1 | sigtool --decode-sigs
> 
> Thanks!



[clamav-users] FP Ppt.Exploit.CVE_2017_0199-6336815-1

2017-10-05 Thread Vincent Fox
Hi,

Getting hits today on this entry in daily.cld.

[root@smtp1 clamav]# sigtool --find-sigs Ppt.Exploit.CVE_2017_0199-6336815-1 | sigtool --decode-sigs
VIRUS NAME: Ppt.Exploit.CVE_2017_0199-6336815-1
TARGET TYPE: ANY FILE
OFFSET: *
DECODED SIGNATURE:
schemas.openxmlformats.org/officedocument{WILDCARD_ANY_STRING(LENGTH<=500)}script:

Thanks!





Re: [clamav-users] Unsubscribe not working

2017-10-05 Thread Joel Esler (jesler)
On Oct 5, 2017, at 7:38 AM, Matus UHLAR - fantomas wrote:

On 05.10.17 10:10, Bob Williams wrote:
Apologies for generating noise. :-(

I have visited the website
 several
times and followed the unsubscribe process, but I am still receiving list
mailings.  I never received the confirmation email, and yes, I've checked
my spam/junk folder.  If the list admin reads this I'd be grateful for
some help.

the unsubscribe confirmation request may be dropped/rejected by your
mailservers too.

also, do those mail come exactly to your address 
use...@karmasailing.uk?
It happens sometimes that person lets old account forward mail and can't
unsubscribe from new one...

That email address is not a member of the list.

--
Joel Esler
Manager
Talos Group
http://www.talosintelligence.com


[clamav-users] Fwd: [clamav-virusdb] Signatures Published daily - 23900

2017-10-05 Thread Adnan de Castro Donato

In keeping with the false positive reports,
I have 8 CentOS servers reporting the below after the Signatures Published daily - 23900 
update:

All attachments with extension *.xls have the same issue:

VIRUS ALERT

Our content checker found
virus: Ppt.Exploit.CVE_2017_0199-6336815-1


Believe this is a false positive. Would like confirmation and an update if 
possible.

Thanks.





- Original message -
From: nore...@sourcefire.com
To: clamav-viru...@lists.clamav.net
Sent: Wednesday, October 4, 2017 1:40:01
Subject: [clamav-virusdb] Signatures Published daily - 23900

ClamAV Signature Publishing Notice

Datefile:       daily
Version:        23900
Publisher:      Alain Zidouemba
New Sigs:       128
Dropped Sigs:   0
Ignored Sigs:   166


New Detection Signatures:



Re: [clamav-users] Unsubscribe not working

2017-10-05 Thread Matus UHLAR - fantomas

On 05.10.17 10:10, Bob Williams wrote:

Apologies for generating noise. :-(

I have visited the website
 several
times and followed the unsubscribe process, but I am still receiving list
mailings.  I never received the confirmation email, and yes, I've checked
my spam/junk folder.  If the list admin reads this I'd be grateful for
some help.


the unsubscribe confirmation request may be dropped/rejected by your
mailservers too.

also, do those mail come exactly to your address use...@karmasailing.uk?
It happens sometimes that person lets old account forward mail and can't
unsubscribe from new one...

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows 2000: 640 MB ought to be enough for anybody


[clamav-users] Unsubscribe not working

2017-10-05 Thread Bob Williams
Apologies for generating noise. :-(

I have visited the website 
 several times 
and followed the unsubscribe process, but I am still receiving list mailings. I 
never received the confirmation email, and yes, I've checked my spam/junk 
folder. If the list admin reads this I'd be grateful for some help.

Bob
-- 
Bob Williams
   System:  Linux 4.4.87-25-default
   Distro:  openSUSE 42.3 (x86_64)
   Desktop: KDE Frameworks: 5.32.0, Qt: 5.6.2 and Plasma: 5.8.7



Re: [clamav-users] Ppt.Exploit.CVE_2017_0199-6336815-1 FP?

2017-10-05 Thread Simon Mousey Smith
Hi,

We have a few this morning from a few of our servers too which contain docx 
files

thisisasecretfile.docx: Ppt.Exploit.CVE_2017_0199-6336815-1 FOUND

Regards

Simon

> On 5 Oct 2017, at 09:49, Al Varnell  wrote:
> 
> Please don't include signatures that apply to "Any File" in an e-mail as it 
> was detected as infected upon arrival and could easily be blocked by 
> intermediate mail servers.
> 
> -Al-
> 
> On Thu, Oct 05, 2017 at 01:42 AM, Hajo Locke wrote:
>> since yesterday we found a lot of malware called 
>> Ppt.Exploit.CVE_2017_0199-6336815-1
>> Hitrate is extremely increasing. Currently I believe this is a FP.
>> Signature looks short:
>> Ppt.Exploit.CVE_2017_0199-6336815-1 
>> This decodes to:
>> 
>> 
>> Unfortunately I can't send samples of found docx-files, because they are 
>> private.
>> Anybody else noticed this behaviour?
>> 
>> Thanks,
>> Hajo


Re: [clamav-users] Ppt.Exploit.CVE_2017_0199-6336815-1 FP?

2017-10-05 Thread Al Varnell
Please don't include signatures that apply to "Any File" in an e-mail as it was 
detected as infected upon arrival and could easily be blocked by intermediate 
mail servers.

-Al-

On Thu, Oct 05, 2017 at 01:42 AM, Hajo Locke wrote:
> since yesterday we found a lot of malware called 
> Ppt.Exploit.CVE_2017_0199-6336815-1
> Hitrate is extremely increasing. Currently I believe this is a FP.
> Signature looks short:
> Ppt.Exploit.CVE_2017_0199-6336815-1 
> This decodes to:
> 
> 
> Unfortunately I can't send samples of found docx-files, because they are 
> private.
> Anybody else noticed this behaviour?
> 
> Thanks,
> Hajo



[clamav-users] Ppt.Exploit.CVE_2017_0199-6336815-1 FP?

2017-10-05 Thread Hajo Locke

Hello List,

since yesterday we found a lot of malware called 
Ppt.Exploit.CVE_2017_0199-6336815-1

Hitrate is extremely increasing. Currently I believe this is a FP.
Signature looks short:
Ppt.Exploit.CVE_2017_0199-6336815-1:0:*:736368656d61732e6f70656e786d6c666f726d6174732e6f72672f6f696365646f63756d656e74{-500}7363726970743a
This decodes to:
schemas.openxmlformats.org/officedocument{-500}script:

Unfortunately I can't send samples of found docx-files, because they are 
private.

Anybody else noticed this behaviour?

Thanks,
Hajo
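
Added example (not part of the original thread, and not ClamAV's own code): a small Python model of how an .ndb body signature with target type 0 and offset * is matched, showing why a plain-text mail that quotes the decoded signature is itself flagged, as Al Varnell's replies describe. The signature line is rebuilt from the decoded text quoted in the thread; the sample inputs and all function names are constructed for illustration, and only a subset of the body syntax is modelled.

```python
import re

# Rebuilt from the decoded text quoted in the thread (constructed, not copied from daily.cld).
NDB_LINE = ("Ppt.Exploit.CVE_2017_0199-6336815-1:0:*:"
            + b"schemas.openxmlformats.org/officedocument".hex()
            + "{-500}" + b"script:".hex())

TARGET_TYPES = {"0": "ANY FILE", "1": "PE", "2": "OLE2", "3": "HTML", "4": "MAIL"}
TOKEN = re.compile(r"\{(\d*)-(\d*)\}|\{(\d+)\}|(\*)|(\?\?)|([0-9a-fA-F]{2})")

def body_to_regex(body):
    """Translate a subset of the .ndb body syntax into a bytes regex."""
    parts, pos = [], 0
    while pos < len(body):
        m = TOKEN.match(body, pos)
        if not m:
            raise ValueError("unsupported token at offset %d" % pos)
        lo, hi, exact, star, any_byte, hex_pair = m.groups()
        if hex_pair:                      # literal byte
            parts.append(re.escape(bytes.fromhex(hex_pair)))
        elif any_byte:                    # ?? = any single byte
            parts.append(b".")
        elif star:                        # *  = any number of bytes
            parts.append(b".*?")
        elif exact:                       # {n} = exactly n bytes
            parts.append(b".{%s}" % exact.encode())
        else:                             # {n-m}, {-m} or {n-}
            parts.append(b".{%s,%s}" % ((lo or "0").encode(), hi.encode()))
        pos = m.end()
    return re.compile(b"".join(parts), re.DOTALL)

def parse_ndb(line):
    """Split Name:TargetType:Offset:HexSignature and compile the body."""
    name, target, offset, body = line.strip().split(":")[:4]
    return {"name": name, "target": TARGET_TYPES.get(target, target),
            "offset": offset, "regex": body_to_regex(body)}

def scan(sig, data):
    if sig["offset"] != "*":
        raise NotImplementedError("only the floating offset '*' is modelled")
    return sig["regex"].search(data) is not None

# Constructed samples: a mail body quoting sigtool output, and the two strings 600 bytes apart.
EMAIL_BODY = (b"DECODED SIGNATURE:\nschemas.openxmlformats.org/officedocument"
              b"{WILDCARD_ANY_STRING(LENGTH<=500)}script:\n")
FAR_APART = b"schemas.openxmlformats.org/officedocument" + b"A" * 600 + b"script:"

if __name__ == "__main__":
    sig = parse_ndb(NDB_LINE)
    for label, data in (("quoted in mail", EMAIL_BODY), ("600-byte gap", FAR_APART)):
        print(sig["name"], label, "->", "FOUND" if scan(sig, data) else "OK")
```

With no file-type restriction and a floating offset, the only constraint is that the two literals occur within 500 bytes of each other, so any content carrying both strings matches.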