Re: [clamav-users] undetected virus
On Tue, Jan 24, 2012 at 9:13 PM, Joel Esler wrote: > This has been handled. > I noticed this. Thanks. P. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] undetected virus
This has been handled. On Tue, Jan 24, 2012 at 3:52 AM, polloxx wrote: > On Tue, Jan 24, 2012 at 9:05 AM, Al Varnell wrote: > > On Jan 23, 2012, at 11:44 PM, polloxx wrote: > > > >> We received a virus not detected by Clamav. VirusTotal shows a 23/43 > >> detection ratio. Trend Micro recogises it as TROJ_GEN.R06C8AN. > >> Yesterday I submitted a sample to Clamav. But till now it's not > detected. > >> > https://www.virustotal.com/file/d6a2ae622adae26cc7988e68edfa6898364b423a47b8eeebb3d917459cd99a68/analysis/ > >> > >> What should be the reason of this? > > > > The clamav team consist of volunteers who work as quickly as they can, > when they can. You should not expect immediate action, especially if it > was a busy weekend. > > > > I know Al. That's not my point. > P. > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml > -- Joel Esler | http://blog.snort.org | http://vrt-blog.snort.org | http://blog.clamav.net Twitter: http://twitter.com/snort ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] undetected virus
On Tue, Jan 24, 2012 at 9:05 AM, Al Varnell wrote: > On Jan 23, 2012, at 11:44 PM, polloxx wrote: > >> We received a virus not detected by Clamav. VirusTotal shows a 23/43 >> detection ratio. Trend Micro recogises it as TROJ_GEN.R06C8AN. >> Yesterday I submitted a sample to Clamav. But till now it's not detected. >> https://www.virustotal.com/file/d6a2ae622adae26cc7988e68edfa6898364b423a47b8eeebb3d917459cd99a68/analysis/ >> >> What should be the reason of this? > > The clamav team consist of volunteers who work as quickly as they can, when > they can. You should not expect immediate action, especially if it was a > busy weekend. > I know Al. That's not my point. P. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] undetected virus
On Jan 23, 2012, at 11:44 PM, polloxx wrote: > We received a virus not detected by Clamav. VirusTotal shows a 23/43 > detection ratio. Trend Micro recogises it as TROJ_GEN.R06C8AN. > Yesterday I submitted a sample to Clamav. But till now it's not detected. > https://www.virustotal.com/file/d6a2ae622adae26cc7988e68edfa6898364b423a47b8eeebb3d917459cd99a68/analysis/ > > What should be the reason of this? The clamav team consist of volunteers who work as quickly as they can, when they can. You should not expect immediate action, especially if it was a busy weekend. Sent from Janet's iPad -Al- -- Al Varnell Grateful user from Mountain View, CA ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] undetected virus
> Dear list, > > We received a virus not detected by Clamav. VirusTotal shows a 23/43 > detection ratio. Trend Micro recogises it as TROJ_GEN.R06C8AN. > Yesterday I submitted a sample to Clamav. But till now it's not detected. > https://www.virustotal.com/file/d6a2ae622adae26cc7988e68edfa6898364b423a47b8eeebb3d917459cd99a68/analysis/ > > What should be the reason of this? Hi, I've added a quick hash into Sanesecurity's rogue.hdb... if you aren't using Sanesecurity signatures, just add this line into a .hdb file, for example localmalware.hdb and restart clamd: 0479013c040882b2b287c2bad1dbd8a6:39765:Sanesecurity.Rogue.2340 Cheers, Steve Sanesecurity ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[clamav-users] undetected virus
Dear list, We received a virus not detected by Clamav. VirusTotal shows a 23/43 detection ratio. Trend Micro recogises it as TROJ_GEN.R06C8AN. Yesterday I submitted a sample to Clamav. But till now it's not detected. https://www.virustotal.com/file/d6a2ae622adae26cc7988e68edfa6898364b423a47b8eeebb3d917459cd99a68/analysis/ What should be the reason of this? P. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Undetected Virus
At 11:12 AM 8/24/2006, Gerard Seibert wrote: I have recently installed the 'clamsmtpd' add on to work with Postfix. Messages are sent to it and returned to Postfix marked clean. In fact, everything is marked clean, I tried using some of the test files available here: http://www.declude.com/Articles.asp?ID=99 However, they are not being detected. These are two examples of messages I received: Those two messages are not viruses, and contain no viruses. Many sites block message/partial attachments because they are impossible to reliably virus scan (the attachment is sent piece-by-piece in two or more messages). You can block these with postfix mime_header_checks The header blank-folding affected an old version of outlook and is a malformed message that can be blocked by header_checks, but you'll never see any of these. Search the archives for further details. -- Noel Jones ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Undetected Virus
I have recently installed the 'clamsmtpd' add on to work with Postfix. Messages are sent to it and returned to Postfix marked clean. In fact, everything is marked clean, I tried using some of the test files available here: http://www.declude.com/Articles.asp?ID=99 However, they are not being detected. These are two examples of messages I received: --=_307115168==_ Content-Type: text/plain; charset="us-ascii"; format=flowed This is a test message that was sent to you because you (or someone you know) visited our page at http://www.declude.com/tools . This E-mail is designed to trigger mailserver virus scanners, but WILL NOT do any harm. It is not a virus. If you receive this E-mail, your mail server probably has no virus protection, so it will pass on viruses to you. Visit http://www.declude.com for our Declude Virus solution for IMail servers. This E-mail contains the Partial (Fragmented) Vulnerability, which future viruses may use to bypass mailserver virus scanners. Because of that, any mailserver virus scanner that does not catch this E-mail WILL almost certainly allow future viruses through. --=_307115168==_-- And this: This is a test message that was sent to you because you (or someone you know) visited our page at http://www.declude.com/tools . This E-mail is designed to trigger mailserver virus scanners, but WILL NOT do any harm. It is not a virus. If you receive this E-mail, your mail server probably has no virus protection, so it will pass on viruses to you. Visit http://www.declude.com for our Declude Virus solution for IMail servers. This E-mail contains the Outlook 'Blank Folding' Vulnerability, which future viruses may use to bypass mailserver virus scanners. Because of that, any mailserver virus scanner that does not catch this E-mail WILL almost certainly allow future viruses through. Is this considered normal? I tried several different tests, and most were never detected. -- Gerard Seibert [EMAIL PROTECTED] ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Undetected Virus
"Randal, Phil" <[EMAIL PROTECTED]> > I submitted a sample yesterday afternoon (GMT) to > http://cgi.clamav.net/sendvirus.cgi , http://virusscan.jotti.org/ , and > http://www.virustotal.com/ > > Cheers, > > Phil Thanks! I have a question though. I created a directory "/var/mail/quarantine" in which quarantined email is supposed to go. I assume that I would send the suspected email message from that directory for analyses. Is that correct? Ciao -- Gerard Seibert [EMAIL PROTECTED] ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Undetected Virus
> I have the latest version of ClamAV and the signature files > installed, however it fails to detect the Win32.Blackmail.F virus. > > My mail is delivered to a FreeBSD server that I run. One of > the machines on the network is a WinXP machine running > ZoneAlarm Suite. When this Windows machine POPs mail from the > mail server it detects this virus. It has happened three > times in the past 24 hours. The messages are marked as clean > by ClamAV. > > Is this something that I should be reporting to someone? > > Thanks! > > -- > Gerard Seibert > [EMAIL PROTECTED] I submitted a sample yesterday afternoon (GMT) to http://cgi.clamav.net/sendvirus.cgi , http://virusscan.jotti.org/ , and http://www.virustotal.com/ Cheers, Phil Phil Randal Network Engineer Herefordshire Council Hereford, UK ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Undetected Virus
On 1/18/2006 1:23 AM +0100, Gerard Seibert wrote: Is this something that I should be reporting to someone? Thanks! http://clamav.net "submit sample" Regards, Niek ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Undetected Virus
I have the latest version of ClamAV and the signature files installed, however it fails to detect the Win32.Blackmail.F virus. My mail is delivered to a FreeBSD server that I run. One of the machines on the network is a WinXP machine running ZoneAlarm Suite. When this Windows machine POPs mail from the mail server it detects this virus. It has happened three times in the past 24 hours. The messages are marked as clean by ClamAV. Is this something that I should be reporting to someone? Thanks! -- Gerard Seibert [EMAIL PROTECTED] ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] undetected virus by clamav
I have 3 viruses found on my harddrive which not detected by clamav other scanner like fprot or mcaffee detect the virus as 1.ex# Found the MultiDropper-IY trojan !!! 2.ex# Found the W32/Spybot.worm.gen.d virus !!! 3.ex# Found the IRC/Flood.dj trojan !!! I have scan the files with the online scanner from clamav. he say clamav scans the file ... Clamav-Output: /tmp/phpeQMyfj: OK Clamav DID NOT identify your sample as malicious content I scan one more times with mcaffee and found the 3 viruses. when I try submit the virus files with the online submit page I get an error message like this This virus is already recognized by ClamAV. Be careful when submitting samples and remember to run freshclam! I have run freshclam and the database is up to date. but the virus is undetected by clamav since four days. --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users