Re: [clamav-users] Solaris pkg download

2017-11-17 Thread James

On 16/11/2017 17:15, Jones, Bob wrote:


> I have no servers that are ever allowed to access the internet.  Is there a way
> to download the pkg file not using pkgutil?


wget and many others will do it, the package file is just on a URL.

Start here:
http://rsync.opencsw.org/opencsw/

Choose a file, e.g.:
http://rsync.opencsw.org/opencsw/testing/sparc/5.10/clamav-0.99.2%2cREV%3d2016.09.29-SunOS5.10-sparc-CSW.pkg.gz

Download to anywhere, e.g., your home machine.

Transfer to your server by any means, e.g., USB stick, CD, floppy, local
network, etc.


You'll need its 10 dependencies too.
https://www.opencsw.org/packages/CSWclamav/

See also:
https://www.opencsw.org/manual/for-administrators/no-internet-access.html#no-internet-access



James.
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
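
Added example (not from the thread or from OpenCSW): resolving the dependency closure of CSWclamav from a catalog, building the download URLs, and checking each file's digest before it is carried to the offline host. The nine-field catalog layout, the dependency names CSWdepa/CSWdepb and all digests are assumptions constructed for illustration; only the base URL and the clamav file name come from the message above.

```python
import hashlib
from urllib.parse import quote
BASE = "http://rsync.opencsw.org/opencsw/testing/sparc/5.10/"  # from the thread
SAMPLE = b"constructed package bytes"  # stands in for a downloaded file
MD5 = hashlib.md5(SAMPLE).hexdigest()
# Assumed fields: name version pkgname file md5 size deps category i-deps
CATALOG = f"""\
clamav 0.99.2,REV=2016.09.29 CSWclamav clamav-0.99.2,REV=2016.09.29-SunOS5.10-sparc-CSW.pkg.gz {MD5} 25 CSWdepa|CSWdepb none none
depa 1.0,REV=2016.01.01 CSWdepa depa-1.0,REV=2016.01.01-SunOS5.10-sparc-CSW.pkg.gz {MD5} 25 CSWdepb none none
depb 2.0,REV=2016.01.01 CSWdepb depb-2.0,REV=2016.01.01-SunOS5.10-sparc-CSW.pkg.gz {MD5} 25 none none none
"""

def parse_catalog(text):
    """Map pkgname -> (file name, md5, dependency pkgnames)."""
    pkgs = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) != 9 or line.startswith("#"):
            continue  # header, comment or malformed line
        deps = [] if f[6] == "none" else f[6].split("|")
        pkgs[f[2]] = (f[3], f[4].lower(), deps)
    return pkgs

def closure(pkgs, root):
    """Root plus transitive dependencies, dependencies listed first."""
    order, seen = [], set()
    def visit(name):
        if name in seen:
            return
        if name not in pkgs:
            raise KeyError(f"{name} is not in the catalog")
        seen.add(name)
        for dep in pkgs[name][2]:
            visit(dep)
        order.append(name)
    visit(root)
    return order

def download_url(file_name):
    # ',' and '=' get percent-encoded, as in the URL quoted in the thread
    return BASE + quote(file_name, safe="")

def verify(pkgs, name, data):
    """True only if data matches the MD5 the catalog records for name."""
    return hashlib.md5(data).hexdigest() == pkgs[name][1]

if __name__ == "__main__":
    catalog = parse_catalog(CATALOG)
    print([download_url(catalog[n][0]) for n in closure(catalog, "CSWclamav")])
```

A file that fails `verify` should not be copied to the transfer medium; fetch it again from the mirror first.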


Re: [clamav-users] PUA.Win.Trojan.EmbeddedPDF-1 false-positives

2017-11-17 Thread Eric Tykwinski
PUAs tend to have a lot of false positives due to them being Potential.
I wouldn't recommend using them unless you really need a strict scan with
the ability to whitelist when needed.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> -----Original Message-----
> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On
> Behalf Of Alex
> Sent: Friday, November 17, 2017 12:44 PM
> To: ClamAV users ML
> Subject: [clamav-users] PUA.Win.Trojan.EmbeddedPDF-1 false-positives
> 
> Hi,
> 
> We're seeing a large number of false-positives with the above rule. Is
> it particularly prone to false-positives? Would someone explain how it
> works?
> 
> What's perhaps even more strange is that scanning the email again (or
> the files within the email) doesn't produce the same false-positives.
> 
> Was there a period where this pattern had a problem and has now been
> corrected?


[clamav-users] PUA.Win.Trojan.EmbeddedPDF-1 false-positives

2017-11-17 Thread Alex
Hi,

We're seeing a large number of false-positives with the above rule. Is
it particularly prone to false-positives? Would someone explain how it
works?

What's perhaps even more strange is that scanning the email again (or
the files within the email) doesn't produce the same false-positives.

Was there a period where this pattern had a problem and has now been corrected?


Re: [clamav-users] Solaris pkg download

2017-11-17 Thread G.W. Haywood

Hi there,

On Fri, 17 Nov 2017, Jones, Bob wrote:


> I have no servers that are ever allowed to access the internet.  Is
> there a way to download the pkg file not using pkgutil?


If you have no Internet access, I suspect that ClamAV is just a distraction.

--

73,
Ged.


Re: [clamav-users] Virus Malvare not detected

2017-11-17 Thread ungifted01


14.11.2017 15:00, Al Varnell wrote:
> According to VirusTotal, ClamAV does detect it as Doc.Dropper.Agent-6369707-0
>
> but go ahead and try to submit it anyway.

Sometimes they fail :)

[quote]
Date: Thu, 16 Nov 2017 17:22:01 + (UTC)
From: nore...@clamav.com
Your File: November_Order (SHA256: 
5562475251b33753a7967ce6972a1ab146d89cbc6673e5fbd364f55419e51260)
Our initial assessment shows that this file is possibly clean. If you provided 
a description that suggests otherwise, we will further examine the sample & 
proceed from there.
-The ClamAV team
[/quote]

https://www.virustotal.com/en/file/5562475251b33753a7967ce6972a1ab146d89cbc6673e5fbd364f55419e51260/analysis/
SHA256:          5562475251b33753a7967ce6972a1ab146d89cbc6673e5fbd364f55419e51260
File name:       November_Order.doc
Detection ratio: 24 / 59
Analysis date:   2017-11-16 20:54:05 UTC (11 hours, 17 minutes ago)
ClamAV           Doc.Dropper.Agent-6374970-0  20171115
