Re: [clamav-users] How to get rid of or Fix clamonacc error
On 3/22/23 6:22 AM, Andrew C Aitchison via clamav-users wrote:
> be careful to make sure false positives do no harm,

I've had so many positives that I couldn't examine them all. Does this happen to others? What do you do for that?

> and remember that false negatives do happen frequently

How do we become aware of false negatives?

___
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

Re: [clamav-users] linux distribution including clamav-1.0.1
On 3/7/23 2:44 PM, Andrew C Aitchison via clamav-users wrote:
> On Tue, 7 Mar 2023, kumar bava via clamav-users wrote:
>
> ClamAV >= 0.105 requires Rust.
> Rust *is* available for rhel7 - see
> https://developers.redhat.com/HW/Rust-RHEL-7
> but it is a part of devtools.
> IIRC (I may not), EPEL rules say that packages cannot be built with
> devtools, so I am not sure what EPEL will be doing when 0.103 reaches
> EOL in September.

Rust is definitely available in the latest Fedora (v.37), along with a lot of libraries, tools, and other ancillaries.

# dnf search rust|grep -wi ^rust|wc -l
9291

Re: [clamav-users] Heueristics.Structured.CreditCardNumber ???
On February 24, 2023 2:53:31 PM EST, Andrew C Aitchison wrote:
>On Fri, 24 Feb 2023, musc via clamav-users wrote:
>
>> This is another frequent hit I get doing a clamdscan:
>> Heueristics.Structured.CreditCardNumber
>>
>> I've read of a scam which prompts people to apply for a credit card,
>> or says falsely that a person has already a credit
>> card... responding to either leads to a scam.
>>
>> Are eliminating these two scams the only reasons for searching out
>> files containing credit card numbers? Or are there other reasons we
>> should be aware of?
>
>My guess would be that the main use of this would be to catch
>*outgoing* emails from your users replying to scams, or otherwise
>emailing their c/c number to someone.
>Email simply isn't secure enough to use for online payments,
>so seems reasonable to reject submitted messages which contain c/c details.
>Probably a case for outright rejection or quarantine, rather than
>just adding to a spam score.
>

In that event the very substantial and formulaic email header or attachment syntax could radically eliminate false positives.

[clamav-users] Heueristics.Structured.CreditCardNumber ???
This is another frequent hit I get doing a clamdscan:
Heueristics.Structured.CreditCardNumber

I've read of a scam which prompts people to apply for a credit card, or says falsely that a person has already a credit card... responding to either leads to a scam.

Are eliminating these two scams the only reasons for searching out files containing credit card numbers? Or are there other reasons we should be aware of?

Re: [clamav-users] What is the actual danger of this?
On February 22, 2023 1:48:02 PM EST, newcomer01 via clamav-users wrote:
>for me look it like that the jpeg files cannot be read from heuristics scan as
>reason that something is wrong with it
>i would not think first, that is be an exploit
>
>
>> A clamdscan flagged quite a few files on my system as
>> Heueristics.Broken.Media.JPEG.JFIFmarkerBadPosition. What kind of exploit is
>> that? And what kind of danger does it pose? (What does it do?) Is it for all
>> systems? Or just for Windows?
>>
>> A whole lot of web searching turned up nothing. Does anyone know?

In a security podcast I listened to not too long ago it spoke of an exploit against iPhones which was quite hazardous, was concealed inside of an image file, which would immediately take control of the iPhone.

There's not enough information for me to say that this is that exploit. Maybe it is, maybe it's something similar, or maybe it's simply a bit of corruption of the jpg file and actually relatively harmless. There are a lot of possibilities.

You're right, we don't want to make any premature assumptions, neither overestimate nor underestimate the hazard. The purpose of my post was to find more information in order to make a proper evaluation. Thanks for helping me clarify that.

[clamav-users] What is the actual danger of this?
A clamdscan flagged quite a few files on my system as Heueristics.Broken.Media.JPEG.JFIFmarkerBadPosition. What kind of exploit is that? And what kind of danger does it pose? (What does it do?) Is it for all systems? Or just for Windows?

A whole lot of web searching turned up nothing. Does anyone know?

TIA.