[clamav-users] PUA.Andr.Trojan.Mobidash-6888313-0
Hello, PUA.Andr.Trojan.Mobidash-6888313-0 is a false positive : VIRUS NAME: /tmp/daily/daily.ldu:PUA.Andr.Adware.Domob-6888036-0 TDB: Engine:51-255,FileSize:1048576-4194304,Target:0 LOGICAL EXPRESSION: 0 * SUBSIG ID 0 +-> OFFSET: ANY +-> SIGMOD: NONE +-> DECODED SUBSIGNATURE: @-_1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWX -- Cordialement / Best regards, Arnaud Jacques Gérant de SecuriteInfo.com Téléphone : +33-(0)3.44.39.76.46 E-mail : a...@securiteinfo.com Site web : https://www.securiteinfo.com Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286 Twitter : @SecuriteInfoCom Securiteinfo.com La Sécurité Informatique - La Sécurité des Informations. 266, rue de Villers 60123 Bonneuil en Valois ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] Andr.Dropper.Shedun-6840512-0 false positive ?
Hello, For me, Andr.Dropper.Shedun-6840512-0 seems a false positive : VIRUS NAME: /tmp/daily/daily.ldb:Andr.Dropper.Shedun-6840512-0 TDB: Engine:51-255,FileSize:4096-16384,Target:0 LOGICAL EXPRESSION: 0 * SUBSIG ID 0 +-> OFFSET: ANY +-> SIGMOD: NONE +-> DECODED SUBSIGNATURE: lvik/system/DexClassLoader;Ljava/io/BufferedOutputStream;Lja As far as I know, DexClassLoader and BufferedOutputStream are legit Java/Android classes, and not malware related. What do you think about ? -- Cordialement / Best regards, Arnaud Jacques Gérant de SecuriteInfo.com Téléphone : +33-(0)3.44.39.76.46 E-mail : a...@securiteinfo.com Site web : https://www.securiteinfo.com Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286 Twitter : @SecuriteInfoCom Securiteinfo.com La Sécurité Informatique - La Sécurité des Informations. 266, rue de Villers 60123 Bonneuil en Valois ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] Probably something simple but new to ClamAV
I have installed ClamAV in my PCF environment. But security team is looking at how to display the virus signature level is of the AV. Is there a command or a tool that can display this? Any help is appreciated. Thanks ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Probably something simple but new to ClamAV
clamconf will show you what you want (with a lot more detail if required): [graeme@whelk ~]$ clamconf -n | egrep 'version.+sigs' bytecode.cld: version 328, sigs: 94, built on Wed Jan 2 14:42:37 2019 daily.cld: version 25469, sigs: 1587497, built on Mon Jun 3 08:59:22 2019 main.cvd: version 58, sigs: 4566249, built on Wed Jun 7 22:38:10 2017 Graeme On 04/06/2019, 16:31, "clamav-users on behalf of Rodney Stratford via clamav-users" wrote: > I have installed ClamAV in my PCF environment. But security team is looking > at > how to display the virus signature level is of the AV. Is there a command or > a tool > that can display this? Any help is appreciated. Thanks ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Probably something simple but new to ClamAV
clamscan -V is all they care about. > -Original Message- > From: clamav-users On Behalf Of > Rodney Stratford via clamav-users > Sent: Tuesday, June 04, 2019 8:29 AM > To: clamav-users@lists.clamav.net > Cc: Rodney Stratford > Subject: [External] [clamav-users] Probably something simple but new to ClamAV > > I have installed ClamAV in my PCF environment. But security team is looking > at how to display the virus signature level is of the AV. Is > there a command or a tool that can display this? Any help is appreciated. > Thanks > > > > > ___ > > clamav-users mailing list > clamav-users@lists.clamav.net > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
