Re: [clamav-users] Win.Trojan.Zwangi-432 / Osx.Exploit.CVE_2006_0848 / PHP.Shell-29
oki, thank you! I will do this in the next few minutes.

- Birgit

On 08. 07. 14 13:28 , Joel Esler (jesler) wrote:
> On Jul 8, 2014, at 5:11, DUCARROZ Birgit birgit.ducar...@unifr.ch wrote:
>> Platform: You mean the platform where clamav is installed, not the platform the virus is for, just?
>
> Yes. The platform where ClamAV is.
>
>> What do you mean I must attach with raw message? The output of the virus-scan? Or the file containing the virus (or false positive)?
>
> If it's an email, please attach the whole thing. If it's a malware, attach the malware.

___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
Re: [clamav-users] Win.Trojan.Zwangi-432 / Osx.Exploit.CVE_2006_0848 / PHP.Shell-29
Tried to join the malware (an .exe file), tried to join the email (as an .eml file). For both the form does reject, saying:

The sample is empty. This file is not detected by ClamAV. Please update your CVD database before reporting false-positives. If you are using third-party databases/unofficial signatures, please contact the author of the signature. We can only process false-positives generated by ClamAV Official signatures. Please correct the above errors and retry.

In your form is also a URL (What is PUA?) - When clicking on the link, the page says

Search Results: Sorry, but you are looking for something that isn't here.

??

Thank you for help again..

- Birgit

On 09. 07. 14 10:26 , DUCARROZ Birgit wrote:
> oki, thank you! I will do this in the next few minutes.
>
> - Birgit
>
> On 08. 07. 14 13:28 , Joel Esler (jesler) wrote:
>> On Jul 8, 2014, at 5:11, DUCARROZ Birgit birgit.ducar...@unifr.ch wrote:
>>> Platform: You mean the platform where clamav is installed, not the platform the virus is for, just?
>>
>> Yes. The platform where ClamAV is.
>>
>>> What do you mean I must attach with raw message? The output of the virus-scan? Or the file containing the virus (or false positive)?
>>
>> If it's an email, please attach the whole thing. If it's a malware, attach the malware.

--
Birgit Ducarroz
Unix Systems Administration
Department of Informatics
University of Fribourg Switzerland
mailto:birgit.ducar...@unifr.ch
Phone: +41 (26) 300 8342
https://diuf.unifr.ch/people/ducarroz/
Re: [clamav-users] Win.Trojan.Zwangi-432 / Osx.Exploit.CVE_2006_0848 / PHP.Shell-29
Hi Alain,

Just some questions about the form:

Platform: You mean the platform where clamav is installed, not the platform the virus is for, just?

What do you mean I must attach with raw message? The output of the virus-scan? Or the file containing the virus (or false positive)?

- Birgit

On 07. 07. 14 15:20 , Alain Zidouemba wrote:
> Birgit,
>
> Let us know when you've uploaded those files.
>
> Thanks,
>
> - Alain
>
> On Mon, Jul 7, 2014 at 6:13 AM, DUCARROZ Birgit birgit.ducar...@unifr.ch wrote:
>> No, since I did not know this form. I will do it ...
>>
>> - Birgit
>>
>> On 07. 07. 14 12:11 , Al Varnell wrote:
>>> Have you already uploaded the files to http://www.clamav.net/sendvirus/ using the “Send a false positive report” form?
>>>
>>> -Al-
>>>
>>> On Jul 7, 2014, at 3:04 AM, DUCARROZ Birgit birgit.ducar...@unifr.ch wrote:
>>>> I believe those are false positives. Please would you check the md5 hashes?
>>>> Thank you a lot!
>>>> Regards,
>>>> Birgit
>>>>
>>>> Win.Trojan.Zwangi-432 FOUND -- md5 -- 9052a26074751a4a3668764ddfac0b55
>>>> Osx.Exploit.CVE_2006_0848 FOUND -- md5 -- 92fdafd02acc4f968d897dc861decb7c
>>>> PHP.Shell-29 FOUND -- md5 -- b4a09911a5b23e00b55abe546ded691c
>>>> Osx.Exploit.CVE_2006_0848 FOUND -- md5 -- 6434722cffeb95b95e32efd6f5523636
>>>> Osx.Exploit.CVE_2006_0848 FOUND -- md5 -- f3ce0e00c7277c60903156c7b349e92d
>>>>
>>>> --- SCAN SUMMARY ---
>>>> Known viruses: 3493754
>>>> Engine version: 0.97.8
>>>> Infected files: 5
Re: [clamav-users] Win.Trojan.Zwangi-432 / Osx.Exploit.CVE_2006_0848 / PHP.Shell-29
On Jul 8, 2014, at 5:11, DUCARROZ Birgit birgit.ducar...@unifr.ch wrote:
> Platform: You mean the platform where clamav is installed, not the platform the virus is for, just?

Yes. The platform where ClamAV is.

> What do you mean I must attach with raw message? The output of the virus-scan? Or the file containing the virus (or false positive)?

If it's an email, please attach the whole thing. If it's a malware, attach the malware.
[clamav-users] Win.Trojan.Zwangi-432 / Osx.Exploit.CVE_2006_0848 / PHP.Shell-29
Hello list,

I believe those are false positives. Please would you check the md5 hashes?
Thank you a lot!
Regards,
Birgit

Win.Trojan.Zwangi-432 FOUND -- md5 -- 9052a26074751a4a3668764ddfac0b55
Osx.Exploit.CVE_2006_0848 FOUND -- md5 -- 92fdafd02acc4f968d897dc861decb7c
PHP.Shell-29 FOUND -- md5 -- b4a09911a5b23e00b55abe546ded691c
Osx.Exploit.CVE_2006_0848 FOUND -- md5 -- 6434722cffeb95b95e32efd6f5523636
Osx.Exploit.CVE_2006_0848 FOUND -- md5 -- f3ce0e00c7277c60903156c7b349e92d

--- SCAN SUMMARY ---
Known viruses: 3493754
Engine version: 0.97.8
Infected files: 5
Re: [clamav-users] Win.Trojan.Zwangi-432 / Osx.Exploit.CVE_2006_0848 / PHP.Shell-29
Have you already uploaded the files to http://www.clamav.net/sendvirus/ using the “Send a false positive report” form?

-Al-

On Jul 7, 2014, at 3:04 AM, DUCARROZ Birgit birgit.ducar...@unifr.ch wrote:
> I believe those are false positives. Please would you check the md5 hashes?
> Thank you a lot!
> Regards,
> Birgit
>
> Win.Trojan.Zwangi-432 FOUND -- md5 -- 9052a26074751a4a3668764ddfac0b55
> Osx.Exploit.CVE_2006_0848 FOUND -- md5 -- 92fdafd02acc4f968d897dc861decb7c
> PHP.Shell-29 FOUND -- md5 -- b4a09911a5b23e00b55abe546ded691c
> Osx.Exploit.CVE_2006_0848 FOUND -- md5 -- 6434722cffeb95b95e32efd6f5523636
> Osx.Exploit.CVE_2006_0848 FOUND -- md5 -- f3ce0e00c7277c60903156c7b349e92d
>
> --- SCAN SUMMARY ---
> Known viruses: 3493754
> Engine version: 0.97.8
> Infected files: 5
Re: [clamav-users] Win.Trojan.Zwangi-432 / Osx.Exploit.CVE_2006_0848 / PHP.Shell-29
No, since I did not know this form. I will do it ...

- Birgit

On 07. 07. 14 12:11 , Al Varnell wrote:
> Have you already uploaded the files to http://www.clamav.net/sendvirus/ using the “Send a false positive report” form?
>
> -Al-
>
> On Jul 7, 2014, at 3:04 AM, DUCARROZ Birgit birgit.ducar...@unifr.ch wrote:
>> I believe those are false positives. Please would you check the md5 hashes?
>> Thank you a lot!
>> Regards,
>> Birgit
>>
>> Win.Trojan.Zwangi-432 FOUND -- md5 -- 9052a26074751a4a3668764ddfac0b55
>> Osx.Exploit.CVE_2006_0848 FOUND -- md5 -- 92fdafd02acc4f968d897dc861decb7c
>> PHP.Shell-29 FOUND -- md5 -- b4a09911a5b23e00b55abe546ded691c
>> Osx.Exploit.CVE_2006_0848 FOUND -- md5 -- 6434722cffeb95b95e32efd6f5523636
>> Osx.Exploit.CVE_2006_0848 FOUND -- md5 -- f3ce0e00c7277c60903156c7b349e92d
>>
>> --- SCAN SUMMARY ---
>> Known viruses: 3493754
>> Engine version: 0.97.8
>> Infected files: 5

--
Birgit Ducarroz
Unix Systems Administration
Department of Informatics
University of Fribourg Switzerland
mailto:birgit.ducar...@unifr.ch
Phone: +41 (26) 300 8342
https://diuf.unifr.ch/people/ducarroz/
Re: [clamav-users] Win.Trojan.Zwangi-432 / Osx.Exploit.CVE_2006_0848 / PHP.Shell-29
Birgit,

Let us know when you've uploaded those files.

Thanks,

- Alain

On Mon, Jul 7, 2014 at 6:13 AM, DUCARROZ Birgit birgit.ducar...@unifr.ch wrote:
> No, since I did not know this form. I will do it ...
>
> - Birgit
>
> On 07. 07. 14 12:11 , Al Varnell wrote:
>> Have you already uploaded the files to http://www.clamav.net/sendvirus/ using the “Send a false positive report” form?
>>
>> -Al-
>>
>> On Jul 7, 2014, at 3:04 AM, DUCARROZ Birgit birgit.ducar...@unifr.ch wrote:
>>> I believe those are false positives. Please would you check the md5 hashes?
>>> Thank you a lot!
>>> Regards,
>>> Birgit
>>>
>>> Win.Trojan.Zwangi-432 FOUND -- md5 -- 9052a26074751a4a3668764ddfac0b55
>>> Osx.Exploit.CVE_2006_0848 FOUND -- md5 -- 92fdafd02acc4f968d897dc861decb7c
>>> PHP.Shell-29 FOUND -- md5 -- b4a09911a5b23e00b55abe546ded691c
>>> Osx.Exploit.CVE_2006_0848 FOUND -- md5 -- 6434722cffeb95b95e32efd6f5523636
>>> Osx.Exploit.CVE_2006_0848 FOUND -- md5 -- f3ce0e00c7277c60903156c7b349e92d
>>>
>>> --- SCAN SUMMARY ---
>>> Known viruses: 3493754
>>> Engine version: 0.97.8
>>> Infected files: 5
>
> --
> Birgit Ducarroz
> Unix Systems Administration
> Department of Informatics
> University of Fribourg Switzerland
> mailto:birgit.ducar...@unifr.ch
> Phone: +41 (26) 300 8342
> https://diuf.unifr.ch/people/ducarroz/