Re: [clamav-users] PUA.Win.Trojan.EmbeddedPDF-1 and PUA.Pdf.Trojan.EmbeddedJavaScript-1

2017-10-26 Thread Mark Foley
You are right! I disabled the ign2 file containing a couple of bytecode
signatures generating false positives (to see if they were fixed), but I didn't
notice that I also had these two 'trojan' signatures in the same file.

I've re-enabled the PUA.*Trojan* signatures in the ign2 file and my notices have
stopped.

The bytecode signatures appear to be fixed, as they are no longer in the ign2
file but are generating no notices.

BC.Pdf.Exploit.CVE_2017_2862-6331914-0
BC.Pdf.Exploit.CVE_2017_3032-6316401-6

THX -- Mark

On Wed, 25 Oct 2017 15:17:57 -0700 Al Varnell wrote:
>
> We discussed these same two last December: Usage questions on local.ign2
>
>
> -Al-
>
> On Wed, Oct 25, 2017 at 08:33 AM, Mark Foley wrote:
> > Today I got clamscan notices for PUA.Pdf.Trojan.EmbeddedJavaScript-1 and
> > PUA.Win.Trojan.EmbeddedPDF-1 on over 100 old email files that have been out
> > there for years. 
> > 
> > Are these false positives?
> > 
> > --Mark
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
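
An added example, not from the thread and not ClamAV project code, for the point Mark ran into: when you disable a whole local.ign2 file to re-test a couple of entries, every other whitelisted signature comes back too. The script below keeps the file entry by entry (add, remove, check) in the .ign2 format the ClamAV signature docs describe, one signature name per line. The database directory (/var/lib/clamav unless CLAMAV_DB is set) is an assumption; the signature names are the ones posted above.

```sh
#!/bin/sh
# Added example (not from the thread, not ClamAV project code): manage the
# local.ign2 whitelist entry by entry instead of disabling the whole file,
# which is how the two PUA.*Trojan* notices in the thread came back.
#
# .ign2 format, per the ClamAV signature docs: one signature name per line.
# Assumptions not stated on the page: the database directory is
# /var/lib/clamav unless CLAMAV_DB is set; the names are the ones Mark posted.

# Conservative shape of a signature name; anything else is refused so a
# stray path, "FOUND" suffix or comment cannot make the loader reject the file.
SIG_NAME_RE='^[A-Za-z0-9][A-Za-z0-9._-]*$'

# ign2_valid NAME -> 0 if NAME looks like a bare signature name.
ign2_valid() {
    printf '%s\n' "$1" | grep -Eq "$SIG_NAME_RE"
}

# ign2_has FILE NAME -> 0 if NAME is already listed in FILE.
ign2_has() {
    [ -f "$1" ] && grep -Fqx -- "$2" "$1"
}

# ign2_add FILE NAME: append NAME once; returns 1 for a malformed entry.
ign2_add() {
    ign2_valid "$2" || { echo "refusing malformed entry: $2" >&2; return 1; }
    ign2_has "$1" "$2" && return 0
    printf '%s\n' "$2" >> "$1"
}

# ign2_remove FILE NAME: drop one entry (for example to re-test whether a
# signature is still a false positive) and keep every other entry.
ign2_remove() {
    [ -f "$1" ] || return 0
    tmp="$1.tmp.$$"
    grep -Fvx -- "$2" "$1" > "$tmp" || true   # grep exits 1 if nothing is left
    mv "$tmp" "$1"
}

# ign2_check FILE -> 0 if every line is a bare signature name; otherwise
# prints the offending line numbers to stderr and returns 1.
ign2_check() {
    bad=0; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        if ! ign2_valid "$line"; then
            echo "$1:$n: not a signature name: '$line'" >&2
            bad=1
        fi
    done < "$1"
    return $bad
}

# Demo on a scratch copy so nothing touches the live database directory.
demo_dir=$(mktemp -d)
demo_file="$demo_dir/local.ign2"
ign2_add "$demo_file" PUA.Win.Trojan.EmbeddedPDF-1
ign2_add "$demo_file" PUA.Pdf.Trojan.EmbeddedJavaScript-1
ign2_add "$demo_file" BC.Pdf.Exploit.CVE_2017_2862-6331914-0
# The bytecode signature was fixed upstream: drop only that entry, keep the rest.
ign2_remove "$demo_file" BC.Pdf.Exploit.CVE_2017_2862-6331914-0
ign2_check "$demo_file" && echo "ok: $(wc -l < "$demo_file" | tr -d ' ') entries kept"
# To deploy: cp "$demo_file" "${CLAMAV_DB:-/var/lib/clamav}/local.ign2", then
# rerun clamscan, or ask a running clamd to reload with: clamdscan --reload
rm -rf "$demo_dir"
```

The validator is deliberately stricter than the loader needs to be: one line that is not a bare signature name (a pasted "path: Name FOUND" line is the usual slip) is enough to get the whole file rejected, so it is cheaper to refuse it at write time.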


Re: [clamav-users] clamav-milter error

2017-10-26 Thread Reindl Harald



On 26.10.2017 at 20:23, Emanuel wrote:

> ERROR: Please edit the example config file /etc/mail/clamav-milter.conf

just do that, should explain itself
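
An added example, not from the thread and not ClamAV project code, showing what "just do that" amounts to. The config files ClamAV ships contain a line that reads just "Example"; the parser refuses the file while that line is active, which is the "cannot parse config file" that follows the ERROR in the log, and systemd then restarts the unit until it gives up. The script detects and comments out that marker and lists what is left in effect. The socket values (inet:7357@localhost for the milter, unix:/var/run/clamav/clamd.sock for clamd) are assumptions for the demo, and the config it edits is a constructed stand-in, not the shipped file.

```sh
#!/bin/sh
# Added example (not from the thread, not ClamAV project code): clear the
#   ERROR: Please edit the example config file /etc/mail/clamav-milter.conf
# The config files ClamAV ships contain an uncommented line reading just
# "Example"; the parser refuses the file while that line is present, and
# systemd then restarts the unit into the failure loop shown in the thread.
# Assumptions not on the page: the milter listens on inet:7357@localhost and
# clamd on unix:/var/run/clamav/clamd.sock; adjust both for your host.

# conf_has_example FILE -> 0 if an active "Example" marker line is present.
conf_has_example() {
    grep -Eq '^[[:space:]]*Example[[:space:]]*$' "$1"
}

# conf_fix_example FILE: comment the marker out, keeping a .bak copy.
conf_fix_example() {
    cp -p "$1" "$1.bak" || return 1
    tmp="$1.tmp.$$"
    sed -E 's/^([[:space:]]*)Example[[:space:]]*$/\1#Example/' "$1" > "$tmp" \
        && mv "$tmp" "$1"
}

# conf_active FILE: print the directives actually in effect (not blank,
# not comments), so you can see what the milter will start with.
conf_active() {
    grep -Ev '^[[:space:]]*(#|$)' "$1"
}

# Demo on a constructed stand-in for the shipped file (shape only, not the
# real contents), in a scratch directory.
demo_dir=$(mktemp -d)
demo="$demo_dir/clamav-milter.conf"
cat > "$demo" <<'EOF'
## Constructed example config, modelled on the shipped clamav-milter.conf
Example
# Both of these are marked mandatory in the shipped file.
#MilterSocket inet:7357@localhost
#ClamdSocket unix:/var/run/clamav/clamd.sock
EOF
if conf_has_example "$demo"; then
    conf_fix_example "$demo"
    echo "commented out the Example marker"
fi
# Set the two mandatory directives (values are the assumptions above).
printf '%s\n' 'MilterSocket inet:7357@localhost' \
              'ClamdSocket unix:/var/run/clamav/clamd.sock' >> "$demo"
echo "active directives:"; conf_active "$demo"
rm -rf "$demo_dir"
# On the real host, after editing /etc/mail/clamav-milter.conf the same way:
#   systemctl reset-failed clamav-milter && systemctl start clamav-milter
```

Removing the marker only gets the file parsed; the milter still needs a MilterSocket and a ClamdSocket it can actually reach, so check conf_active output against the MTA's milter setting and clamd's LocalSocket before starting the unit again.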


[clamav-users] clamav-milter error

2017-10-26 Thread Emanuel

Hello,

I tried to install clamav-milter, but I received this error.

Why?

Oct 26 15:24:31 vps-1388337-x systemd: clamav-milter.service holdoff time over, scheduling restart.
Oct 26 15:24:31 vps-1388337-x systemd: Started Milter module for the Clam Antivirus scanner.
Oct 26 15:24:31 vps-1388337-x systemd: Starting Milter module for the Clam Antivirus scanner...
Oct 26 15:24:31 vps-1388337-x clamav-milter: ERROR: Please edit the example config file /etc/mail/clamav-milter.conf
Oct 26 15:24:31 vps-1388337-x clamav-milter: /usr/sbin/clamav-milter: cannot parse config file /etc/mail/clamav-milter.conf
Oct 26 15:24:31 vps-1388337-x systemd: clamav-milter.service: main process exited, code=exited, status=1/FAILURE
Oct 26 15:24:31 vps-1388337-x systemd: Unit clamav-milter.service entered failed state.
Oct 26 15:24:31 vps-1388337-x systemd: clamav-milter.service failed.
Oct 26 15:24:31 vps-1388337-x systemd: clamav-milter.service holdoff time over, scheduling restart.
Oct 26 15:24:31 vps-1388337-x systemd: Started Milter module for the Clam Antivirus scanner.
Oct 26 15:24:31 vps-1388337-x systemd: Starting Milter module for the Clam Antivirus scanner...
Oct 26 15:24:31 vps-1388337-x clamav-milter: ERROR: Please edit the example config file /etc/mail/clamav-milter.conf
Oct 26 15:24:31 vps-1388337-x clamav-milter: /usr/sbin/clamav-milter: cannot parse config file /etc/mail/clamav-milter.conf
Oct 26 15:24:31 vps-1388337-x systemd: clamav-milter.service: main process exited, code=exited, status=1/FAILURE
Oct 26 15:24:31 vps-1388337-x systemd: Unit clamav-milter.service entered failed state.
Oct 26 15:24:31 vps-1388337-x systemd: clamav-milter.service failed.
Oct 26 15:24:31 vps-1388337-x systemd: clamav-milter.service holdoff time over, scheduling restart.
Oct 26 15:24:31 vps-1388337-x systemd: Started Milter module for the Clam Antivirus scanner.
Oct 26 15:24:31 vps-1388337-x systemd: Starting Milter module for the Clam Antivirus scanner...
Oct 26 15:24:31 vps-1388337-x clamav-milter: ERROR: Please edit the example config file /etc/mail/clamav-milter.conf
Oct 26 15:24:31 vps-1388337-x clamav-milter: /usr/sbin/clamav-milter: cannot parse config file /etc/mail/clamav-milter.conf
Oct 26 15:24:31 vps-1388337-x systemd: clamav-milter.service: main process exited, code=exited, status=1/FAILURE
Oct 26 15:24:31 vps-1388337-x systemd: Unit clamav-milter.service entered failed state.
Oct 26 15:24:31 vps-1388337-x systemd: clamav-milter.service failed.
Oct 26 15:24:31 vps-1388337-x systemd: clamav-milter.service holdoff time over, scheduling restart.
Oct 26 15:24:31 vps-1388337-x systemd: start request repeated too quickly for clamav-milter.service
Oct 26 15:24:31 vps-1388337-x systemd: Failed to start Milter module for the Clam Antivirus scanner.
Oct 26 15:24:31 vps-1388337-x systemd: Unit clamav-milter.service entered failed state.
Oct 26 15:24:31 vps-1388337-x systemd: clamav-milter.service failed.

Thanks for your help.

Regards, emanuel.

--
envialosimple.com   
Emanuel Gonzalez
Deliverability Specialist
emanuel.gonza...@donweb.com 
www.envialosimple.com 
by donweb 



Re: [clamav-users] /home/gene/firefox/browser/omni.ja: Html.Exploit.CVE_2017_8750-6336209-0 FOUND

2017-10-26 Thread Tsutomu Oyamada
Thank you Joel.


On Wed, 25 Oct 2017 13:05:42 +
"Joel Esler (jesler)" wrote:

> This has been dropped as well.
> 
> --
> Joel Esler | Talos: Manager | jes...@cisco.com
> 
> On Oct 24, 2017, at 5:11 AM, Tsutomu Oyamada <oyam...@promark-inc.com> wrote:
> 
> Yes,
> I have submitted the file many times.
> 
> File name: omni.ja
> SHA256: 5e852b33f716fb6b81bc75d762372a105f04dcdab07a621eddb8507970dbd0b6
> 
> On Mon, 23 Oct 2017 23:48:26 -0700
> Al Varnell <alvarn...@mac.com> wrote:
> 
> Did you submit a sample of it as a false positive report? If so please reply 
> with a hash value for the file you submitted.
> 
> Sent from my iPhone
> 
> -Al-
> --
> Al Varnell
> Mountain View, CA
> 
> On Oct 23, 2017, at 9:50 PM, Tsutomu Oyamada <oyam...@promark-inc.com> wrote:
> 
> Hi, Joel.
> 
> Thank you.
> The issue of the false positive for Html.Exploit.CVE_2017_8750-6336209-0 has been
> solved, but the issue of Html.Exploit.CVE_2017_8757-6336185-0 has not been solved yet.
> 
> Could you drop this signature as well?
> 
> 
> On Fri, 20 Oct 2017 14:47:24 +
> "Joel Esler (jesler)" <jes...@cisco.com> wrote:
> 
> All ?
> 
> This signature has been dropped.
> 
> --
> Joel Esler | Talos: Manager | jes...@cisco.com
> 
> On Oct 20, 2017, at 8:30 AM, Gene Heskett <ghesk...@shentel.net> wrote:
> 
> On Friday 20 October 2017 02:06:38 Al Varnell wrote:
> 
> I assume we are all still talking about
> Html.Exploit.CVE_2017_8750-6336209-0?
> 
> Gene, I believe your report was an omni.ja files infected with
> Html.Exploit.CVE_2017_8757-6336185-0.
> 
> Since it was the same file, I suppose I missed that the CVE had changed.
> Anyway, its the above number I've been looking at every morning for a
> couple weeks. I figured my previous msg was sufficient. My bad.
> 
> They have both been dealt with locally by ClamXAV, but I've not seen
> either listed as dropped by ClamAV yet.
> 
> Different versions of Firefox on different platforms.
> 
> -Al-
> 
> On Thu, Oct 19, 2017 at 10:24 PM, Gene Heskett wrote:
> On Friday 20 October 2017 00:24:20 Tsutomu Oyamada wrote:
> Hi,
> 
> The false positive for omni.ja is still occurring.
> I have reported this many times, but it has not been fixed yet.
> 
> I have been troubled with this issue.
> What am I supposed to do?
> 
> I too have reported this, but nothing is being done.
> 
> On Sat, 23 Sep 2017 09:53:30 -0400
> 
> Gene Heskett <ghesk...@shentel.net>
> wrote:
> On Saturday 23 September 2017 03:59:17 Al Varnell wrote:
> note correction in subject file location
> 
> So here are the facts with regard to
> Html.Exploit.CVE_2017_8750-6336209-0 (which is not the same as
> previously reported in this thread). It was just added to the
> database about fifteen hours ago in daily - 23863 and is looking
> for two strings which you can observe by using the following
> (I'm not posting it here so this e-mail won't be detected as
> infected):
> 
> sigtool -f Html.Exploit.CVE_2017_8750-6336209-0 | sigtool --decode-sigs
> 
> CVE-2017-8750 is described as: "Internet
> Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1,
> Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and
> Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511,
> 1607, 1703, and Windows Server 2016 allow an attacker to execute
> arbitrary code in the context of the current user due to the way
> that Microsoft browsers access objects in memory, aka "Microsoft
> Browser Memory Corruption Vulnerability"."
> 
> so it's not a threat to your platform unless you are also running
> Windows somehow.
> 
> I've a bounty on windows here, nuke on encounter.
> 
> My power just came back so I scanned my Firefox 55.0.3 for Mac
> and it tested clean. Taking a look at the omni.ja file I see 109
> occurrences of the first string, but not the second.
> 
> So at this point I'll just repeat my advice from before to submit
> that file, then return here and report a
> hash value.
> 
> Means to determine hash? I'll assume sha256sum here
> 
> gene@coyote:~/firefox/browser$ sha256sum omni.ja
> 2dafa74b0c099130313a9375d433f6d93fb8f672f1620e28221b6573ed0ae348
> omni.ja
> 
> Thanks Al
> 
> On Sat, Sep 23, 2017 at 12:12 AM, Gene Heskett wrote:
> On Saturday 23 September 2017 02:32:48 Al Varnell wrote:
> Power out here so cannot check. Was negative when I looked at
> macOS version last week.
> 
> What OS?
> 
> 32 bit wheezy, on an AMD phenom, all up to date. uname -a
> 
> 3.16.0-0.bpo.4-amd64 #1 SMP Debian 3.16.39-1+deb8u1~bpo70+1
> (2017-02-24) x86_64 GNU/Linux
> 
> Thank you Al.
> 
> Sent from my iPhone
> 
> -Al-
> 
> Cheers,
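
An added example, not part of the thread and not ClamAV project code, that puts the triage steps this thread walks through into one script: pull the signature names out of clamscan output, show what each signature actually looks for with the sigtool pipeline Al posted, and hash the flagged files with sha256sum the way Gene did, so the false positive submission and the list reply carry the same value. The report lines and file paths in the demo are constructed; sigtool is only invoked when it is installed, otherwise the command to run is printed.

```sh
#!/bin/sh
# Added example (not from the thread, not ClamAV project code): the triage
# steps this thread walks through, in one place.
#   1. pull the signature names out of clamscan output;
#   2. show what a signature actually looks for, with the sigtool pipeline
#      Al posted (only run when sigtool is installed);
#   3. hash the flagged files with sha256sum, as Gene did, so the false
#      positive submission and the list reply carry the same value.
# Report lines and paths below are constructed for the demo.

# scan_sigs REPORT: unique signature names from "path: NAME FOUND" lines.
scan_sigs() {
    sed -n 's/^.*: \([^ ]*\) FOUND$/\1/p' "$1" | sort -u
}

# scan_files REPORT NAME: the files the report flags with NAME.
scan_files() {
    grep -F -- ": $2 FOUND" "$1" | sed 's/: [^ ]* FOUND$//'
}

# file_sha256 FILE: hex digest, using whichever tool the host has.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# sig_inspect NAME: decode the signature body, or print the command to run.
sig_inspect() {
    if command -v sigtool >/dev/null 2>&1; then
        sigtool --find-sigs="$1" | sigtool --decode-sigs
    else
        echo "sigtool not installed; run: sigtool --find-sigs=$1 | sigtool --decode-sigs"
    fi
}

# fp_report REPORT NAME: "sha256  path" for each flagged file that exists.
fp_report() {
    scan_files "$1" "$2" | while IFS= read -r path; do
        if [ -f "$path" ]; then
            printf '%s  %s\n' "$(file_sha256 "$path")" "$path"
        else
            echo "skipping $path: not present on this host" >&2
        fi
    done
}

# Demo with constructed files and a constructed clamscan report.
demo_dir=$(mktemp -d)
printf 'hello\n' > "$demo_dir/msg0001.eml"      # stand-in for an old email
printf 'hello\n' > "$demo_dir/msg0002.eml"
report="$demo_dir/clamscan.log"
cat > "$report" <<EOF
$demo_dir/msg0001.eml: PUA.Pdf.Trojan.EmbeddedJavaScript-1 FOUND
$demo_dir/msg0002.eml: PUA.Pdf.Trojan.EmbeddedJavaScript-1 FOUND
$demo_dir/omni.ja: Html.Exploit.CVE_2017_8757-6336185-0 FOUND
$demo_dir/msg0003.eml: OK
EOF
for sig in $(scan_sigs "$report"); do
    echo "== $sig"
    sig_inspect "$sig"
    fp_report "$report" "$sig"
done
rm -rf "$demo_dir"
```

Decoding the signature first is what settles the "is this a false positive?" question before anyone whitelists it: if the decoded strings are generic (as Al found with the first string of the omni.ja signature), a hit on years-old mail is expected noise; if they are not, the file deserves a second look before it goes into local.ign2.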