Re: [clamav-users] KACE false positive

2021-06-11 Thread G.W. Haywood via clamav-users

Hi there,

On Fri, 11 Jun 2021, Douglas Stinnette wrote:


> It has been over a year since there was a wide false positive across ClamAV.
> "/Library/Application Support/Quest/KACE/bin/klog"
> "Unix.Malware.Macos-9867919-0 FOUND"
>
> I do not recall how to address this. Any suggestions would be great.


Additionally, in the interim before the false positive is addressed by
the ClamAV team and the databases are updated, you can create a file
in your local ClamAV database directory which contains the MD5 hash of
the file which is being incorrectly flagged.

https://docs.clamav.net/manual/Signatures/AllowLists.html

Do make sure that it _is_ a false positive before you do that. :)

--

73,
Ged.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
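
The interim allow-list step described in the reply above, as an added example that is not part of the original thread or ClamAV's own code. It builds the `MD5:size:name` line that the linked allow-list documentation describes for a `.fp` file, and refuses to do so unless the file matches a SHA-256 obtained from a trusted source; that gate, the file name `local-allow.fp` and the label `klog-local-fp` are assumptions made for illustration.

```python
import hashlib
import os
import tempfile


def file_digests(path):
    """Return (md5_hex, sha256_hex, size_in_bytes) for the file at path."""
    md5, sha256, size = hashlib.md5(), hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha256.update(chunk)
            size += len(chunk)
    return md5.hexdigest(), sha256.hexdigest(), size


def fp_entry(path, trusted_sha256, label):
    """Build an 'MD5:size:label' line, only for a byte-identical known-good file."""
    md5_hex, sha256_hex, size = file_digests(path)
    if sha256_hex != trusted_sha256.strip().lower():
        raise ValueError("file does not match the trusted hash; not allow-listing it")
    if ":" in label or "\n" in label:
        raise ValueError("label must not contain ':' or newlines")
    return f"{md5_hex}:{size}:{label}"


def add_entry(fp_file, entry):
    """Append entry to fp_file unless already present; return True if written."""
    if os.path.exists(fp_file):
        with open(fp_file) as fh:
            if entry in (line.strip() for line in fh):
                return False
    with open(fp_file, "a") as fh:
        fh.write(entry + "\n")
    return True


def demo():
    """Run against a constructed stand-in file in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "klog")
        with open(sample, "wb") as fh:
            fh.write(b"constructed stand-in, not the real KACE binary\n")
        trusted = file_digests(sample)[1]  # stand-in for a vendor-published hash
        entry = fp_entry(sample, trusted, "klog-local-fp")
        fp_file = os.path.join(tmp, "local-allow.fp")  # hypothetical file name
        return entry, add_entry(fp_file, entry), add_entry(fp_file, entry)


if __name__ == "__main__":
    print(demo())
```

Because the entry pins the exact MD5 and size, a modified copy of the file at the same path is still scanned normally; remove the entry once the corrected database has been published.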


Re: [clamav-users] KACE false positive

2021-06-11 Thread Douglas Stinnette
Hi Alain,

Thank you very much!
Doug

On Fri, Jun 11, 2021 at 11:07 AM Alain Zidouemba 
wrote:

> Thanks for reporting. Will be addressed in the next CVD update.
>
> -Alain
>
> On Fri, Jun 11, 2021 at 10:44 AM Douglas Stinnette 
> wrote:
>
>>
>> It has been over a year since there was a wide false positive across
>> ClamAV.
>> "/Library/Application Support/Quest/KACE/bin/klog"
>> "Unix.Malware.Macos-9867919-0 FOUND"
>>
>> I do not recall how to address this. Any suggestions would be great.
>> Thanks,
>> Doug
>> --
>>
>>
>> Douglas Stinnette
>>
>> VCU Technology Services
>>
>> Endpoint Security Specialist
>>
>> Virginia Commonwealth University
>>
>> 827-0933
>>
>>
>>
>> Don't be a phishing victim - VCU and other reputable organizations will
>> never use email to request that you reply with your password, Social
>> Security number or confidential personal information. For more details
>> visit http://go.vcu.edu/phishing or http://phishing.vcu.edu.
>>


-- 


Douglas Stinnette

VCU Technology Services

Endpoint Security Specialist

Virginia Commonwealth University

827-0933




Re: [clamav-users] KACE false positive

2021-06-11 Thread Joel Esler (jesler) via clamav-users
Douglas,

Thank you for your email. Here is a good place to file false positives:
https://www.clamav.net/reports/fp for future reference.

-- 
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
https://www.talosintelligence.com | https://www.snort.org | 
https://www.clamav.net 

> On Jun 11, 2021, at 10:42 AM, Douglas Stinnette wrote:
> 
> 
> It has been over a year since there was a wide false positive across ClamAV.
> "/Library/Application Support/Quest/KACE/bin/klog" 
> "Unix.Malware.Macos-9867919-0 FOUND"
> 
> I do not recall how to address this. Any suggestions would be great.
> Thanks,
> Doug
> -- 
> 
> Douglas Stinnette
> VCU Technology Services
> Endpoint Security Specialist
> Virginia Commonwealth University
> 827-0933
>  





Re: [clamav-users] KACE false positive

2021-06-11 Thread Alain Zidouemba
Thanks for reporting. Will be addressed in the next CVD update.

-Alain

On Fri, Jun 11, 2021 at 10:44 AM Douglas Stinnette wrote:

>
> It has been over a year since there was a wide false positive across
> ClamAV.
> "/Library/Application Support/Quest/KACE/bin/klog"
> "Unix.Malware.Macos-9867919-0 FOUND"
>
> I do not recall how to address this. Any suggestions would be great.
> Thanks,
> Doug
> --
>
>
> Douglas Stinnette
>
> VCU Technology Services
>
> Endpoint Security Specialist
>
> Virginia Commonwealth University
>
> 827-0933
>
>
>


[clamav-users] KACE false positive

2021-06-11 Thread Douglas Stinnette
It has been over a year since there was a wide false positive across ClamAV.
"/Library/Application Support/Quest/KACE/bin/klog"
"Unix.Malware.Macos-9867919-0 FOUND"

I do not recall how to address this. Any suggestions would be great.
Thanks,
Doug
-- 


Douglas Stinnette

VCU Technology Services

Endpoint Security Specialist

Virginia Commonwealth University

827-0933


