Re: [clamav-users] Compiling error: /usr/lib/libxml2.so: error adding symbols: File in wrong format

2014-05-09 Thread Matus UHLAR - fantomas
On 08.05.14 22:52, Alexander Tampermeier wrote: So, I got into the same error adding symbols-trouble as before with libxml2, now with libltdl. First I thought, that this might be a general issue with my libraries. But then I tried to recompile several packages including php (which also uses

Re: [clamav-users] Clamav is not finding any viruses

2014-05-09 Thread Thorvald Hallvardsson
Hi, The virus I'm looking at in particular is Trojan.Win32.Yakes.elfb. That's how Kaspersky finds it and calls it. It was submitted on the 20th July 2011 so it's quite old. After applying SaneSecurity databases the virus still cannot be found. I tried to scan a ZIP file - no virus found. I tried

Re: [clamav-users] Clamav is not finding any viruses

2014-05-09 Thread Al Varnell
Thorvald, Just another user here, but I don’t understand why you would be surprised by this. Are you under the impression that Kaspersky shares its samples with anybody else? As far as I know, the only way the ClamAV® team would have a sample is if one of us users submitted it to them or it

Re: [clamav-users] Clamav is not finding any viruses

2014-05-09 Thread Matus UHLAR - fantomas
On 09.05.14 09:28, Thorvald Hallvardsson wrote: The virus I'm looking at in particular is Trojan.Win32.Yakes.elfb. That's how Kaspersky finds it and calls it. It was submitted on the 20th July 2011 so it's quite old. After applying SaneSecurity databases the virus still cannot be found. I tried

Re: [clamav-users] Compiling error: /usr/lib/libxml2.so: error adding symbols: File in wrong format

2014-05-09 Thread Alexander Tampermeier
Matus, thank you for your response and for pointing out the arch-independence of the includes. uname -a gives (I hope that answers your question; if not, please let me know): Linux myhost 3.13.0-rc8 #1 SMP Sun Jan 26 14:27:15 CET 2014 x86_64 Intel(R) Core(TM)2 Duo CPU E6850 @ 3.00GHz

Re: [clamav-users] Clamav is not finding any viruses

2014-05-09 Thread Joel Esler (jesler)
We exchange samples with many groups, companies, and people. Bringing in over 650,000 unique samples a day. Which highlights the understaffed issue. -- Joel Esler Sent from my iPhone On May 9, 2014, at 4:59, Al Varnell alvarn...@mac.com wrote: Thorvald, Just another user here, but I

Re: [clamav-users] Version 0.98.3 hard loops on clamdscan -V

2014-05-09 Thread Shawn Webb
On Thu, May 8, 2014 at 10:35 PM, Eric Shubert e...@shubes.net wrote: Immediately after upgrading from 0.98 to 0.98.3, when clamdscan --stdout -V is run (via simscanmk -g), the clamdscan appears to go into a hard loop (eats a lot of cpu endlessly). Here are non-default config settings:

[clamav-users] Unable to submit false positive for bug54682.phpt PHP.Exploit.CVE_2011_4153-3

2014-05-09 Thread Bill Bennert
The clamav false positive submission system will not accept my entry and says that it is not detected by ClamAV. This is not a virus, not malware, this is a PHP test file for the PHP source. The released version for my dist is 0.98.1 but the submission system said to use the latest version, so I

Re: [clamav-users] Unable to submit false positive for bug54682.phpt PHP.Exploit.CVE_2011_4153-3

2014-05-09 Thread Alain Zidouemba
We are looking into it and will get back to you shortly. - Alain On Fri, May 9, 2014 at 9:06 AM, Bill Bennert b...@webreply.com wrote: The clamav false positive submission system will not accept my entry and says that it is not detected by ClamAV. This is not a virus, not malware, this is a

Re: [clamav-users] Version 0.98.3 fails on Solaris

2014-05-09 Thread Joel Esler (jesler)
On May 8, 2014, at 12:50 PM, Dennis Peterson denni...@inetnw.com wrote: On 5/8/14, 9:00 AM, Dennis Peterson wrote: On 5/8/14, 8:23 AM, Shawn Webb wrote: Hey Martin, Is there a way you can get to me main.cvd.broken? I'm wondering if the change to OpenSSL for hashing has

Re: [clamav-users] Version 0.98.3 fails on Solaris

2014-05-09 Thread Martin Preen
Lars Hecking wrote: I've been building with static openssl for a while as well, and am still using gcc 3.4.6 as I couldn't get newer versions to compile - although it seems possible, and I'll try again; maybe using gcc 4.7 or 4.6. Well, 4.7.3 doesn't build for me. Trying 4.6.4 now.

Re: [clamav-users] Version 0.98.3 fails on Solaris

2014-05-09 Thread James Lee
On 09/05/2014 14:56, Joel Esler (jesler) wrote: Hello, Don't get over excited about Sparc, freshclam has the same problem on i386 Solaris. ... May 8 07:41:13 mailhost freshclam[3924]: [ID 702911 mail.info] freshclam daemon 0.98.3 (OS: solaris2.10, ARCH: i386, CPU: i386) May 8 07:41:13

Re: [clamav-users] Version 0.98.3 hard loops on clamdscan -V

2014-05-09 Thread Bowie Bailey
On 5/8/2014 10:35 PM, Eric Shubert wrote: [root@qmt-cos5 etc]# grep -v ^# clamd.conf | grep -v ^$ Inefficiency bugs me... You can do multiple patterns with a single grep using the -e flag. grep -v -e ^# -e ^$ clamd.conf -- Bowie

Re: [clamav-users] Version 0.98.3 hard loops on clamdscan -V

2014-05-09 Thread Greg Folkert
On Fri, 2014-05-09 at 10:33 -0400, Bowie Bailey wrote: On 5/8/2014 10:35 PM, Eric Shubert wrote: [root@qmt-cos5 etc]# grep -v ^# clamd.conf | grep -v ^$ Inefficiency bugs me... You can do multiple patterns with a single grep using the -e flag. grep -v -e ^# -e ^$ clamd.conf You are

Re: [clamav-users] Unable to submit false positive for bug54682.phpt PHP.Exploit.CVE_2011_4153-3

2014-05-09 Thread Alain Zidouemba
Bill, The ClamAV alert for the test file you provided is not a false positive. It is actually a true positive. - Alain On Fri, May 9, 2014 at 9:25 AM, Alain Zidouemba azidoue...@sourcefire.com wrote: We are looking into it and will get back to you shortly. - Alain On Fri, May 9, 2014 at

Re: [clamav-users] Version 0.98.3 hard loops on clamdscan -V

2014-05-09 Thread Eric Shubert
On 05/09/2014 07:45 AM, Greg Folkert wrote: On Fri, 2014-05-09 at 10:33 -0400, Bowie Bailey wrote: On 5/8/2014 10:35 PM, Eric Shubert wrote: [root@qmt-cos5 etc]# grep -v ^# clamd.conf | grep -v ^$ Inefficiency bugs me... You can do multiple patterns with a single grep using the -e flag.

Re: [clamav-users] Unable to submit false positive for bug54682.phpt PHP.Exploit.CVE_2011_4153-3

2014-05-09 Thread Bill Bennert
Hi Alain, I greatly appreciate your time in confirming this. In response, I did some additional research and understand that it is a true positive since the file runs a test for that exact condition. Would white-listing it using a file signature hash be a valid measure, or would that be a bad idea?

Re: [clamav-users] Unable to submit false positive for bug54682.phpt PHP.Exploit.CVE_2011_4153-3

2014-05-09 Thread Greg Folkert
On Fri, 2014-05-09 at 14:17 -0400, Bill Bennert wrote: Hi Alain, I greatly appreciate your time in confirming this. In response, I did some additional research and understand that it is a true positive since the file runs a test for that exact condition. Would white-listing it using a file

Re: [clamav-users] Version 0.98.3 hard loops on clamdscan -V

2014-05-09 Thread Eric Shubert
On 05/09/2014 04:41 AM, Shawn Webb wrote: On Thu, May 8, 2014 at 10:35 PM, Eric Shubert e...@shubes.net wrote: Immediately after upgrading from 0.98 to 0.98.3, when clamdscan --stdout -V is run (via simscanmk -g), the clamdscan appears to go into a hard loop (eats a lot of cpu endlessly).

Re: [clamav-users] Unable to submit false positive for bug54682.phpt PHP.Exploit.CVE_2011_4153-3

2014-05-09 Thread Bill Bennert
Hi Alain, That was exactly what I was looking for. The idea of doing that was not sitting right with me. I will find another way to handle this file that will keep coming back from git when I do pulls. Thank you, -Bill On 05/09/2014 02:48 PM, Greg Folkert wrote: On Fri, 2014-05-09 at 14:17

Re: [clamav-users] Version 0.98.3 hard loops on clamdscan -V

2014-05-09 Thread Philippe Ratté
Hello, This may not be related; however I am also having some loop issues with 0.98.3 I'm using qmail-scanner, and everything works fine with 0.98.1 Now, using 0.98.3, I've got some clamdscan processes that are looping non-stop opening '/etc/services': # strace -p 13472 -s 5120 [...]

Re: [clamav-users] Unable to submit false positive for bug54682.phpt PHP.Exploit.CVE_2011_4153-3

2014-05-09 Thread Greg Folkert
Bill... I wrote the response to your query about whitelisting the TRUE-POSITIVE file. As a general rule you *NEVER* EVER whitelist a TRUE-POSITIVE... what would be the point of an Anti-(Virus/Malware/Trojan) system then. On Fri, 2014-05-09 at 14:58 -0400, Bill Bennert wrote: Hi Alain, That

Re: [clamav-users] Version 0.98.3 hard loops on clamdscan -V

2014-05-09 Thread Steven Morgan
Eric, I have confirmed this on ubuntu 12.04 on x64. Bugzilla bug for tracking is 10992. Thanks for your report, Steve On Fri, May 9, 2014 at 2:48 PM, Eric Shubert e...@shubes.net wrote: On 05/09/2014 04:41 AM, Shawn Webb wrote: On Thu, May 8, 2014 at 10:35 PM, Eric Shubert e...@shubes.net

Re: [clamav-users] Version 0.98.3 hard loops on clamdscan -V

2014-05-09 Thread Shawn Webb
On Fri, May 9, 2014 at 3:02 PM, Philippe Ratté pra...@cybergeneration.com wrote: Hello, This may not be related; however I am also having some loop issues with 0.98.3 I'm using qmail-scanner, and everything works fine with 0.98.1 Now, using 0.98.3, I've got some clamdscan processes that

Re: [clamav-users] Version 0.98.3 hard loops on clamdscan -V

2014-05-09 Thread Steven Morgan
Confirmed in gdb, it is looping in the same place in proto.c lines 97 and 98. On Fri, May 9, 2014 at 3:17 PM, Shawn Webb sw...@sourcefire.com wrote: On Fri, May 9, 2014 at 3:02 PM, Philippe Ratté pra...@cybergeneration.com wrote: Hello, This may not be related; however I am also having

Re: [clamav-users] Version 0.98.3 hard loops on clamdscan -V

2014-05-09 Thread Steven Morgan
Eric, I've confirmed this is fixed by the patch in https://bugzilla.clamav.net/show_bug.cgi?id=10987 Steve On Fri, May 9, 2014 at 3:21 PM, Steven Morgan smor...@sourcefire.com wrote: Confirmed

Re: [clamav-users] Unable to submit false positive for bug54682.phpt PHP.Exploit.CVE_2011_4153-3

2014-05-09 Thread Bill Bennert
Hi Greg, Sorry, noticed that you were you after I sent my response. You are absolutely right, and that is exactly why I asked the list first before blindly proceeding down that road. My first reaction was just 'delete the file'. But where it would return any time I pulled the master branch in

Re: [clamav-users] Version 0.98.3 hard loops on clamdscan -V

2014-05-09 Thread Philippe Ratté
Shawn, The patch seems to fix the problem :) So far so good; I'll keep on monitoring it Thanks a bunch for the quick fix! Phil -Original Message- From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users-boun...@lists.clamav.net] On behalf of Shawn Webb Sent: Friday,

Re: [clamav-users] Version 0.98.3 hard loops on clamdscan -V

2014-05-09 Thread Eric Shubert
Nice work guys. That indeed took care of it. As I'm packaging this for the qmail-toaster project, I'm wondering if I should release this version with the patch, or simply wait for 0.98.4 to be released. Any idea when 0.98.4 might roll out? Thanks. -- -Eric 'shubes' On 05/09/2014 12:28 PM,

Re: [clamav-users] Version 0.98.3 compile failure on Solaris

2014-05-09 Thread Shawn Webb
On Thu, May 8, 2014 at 11:04 AM, Lars Hecking lheck...@users.sourceforge.net wrote: The configure code checking for the newly required openssl library is broken. [...] configure:16590: checking for OpenSSL installation configure:16632: checking for SSL_library_init in -lssl

Re: [clamav-users] Version 0.98.3 hard loops on clamdscan -V

2014-05-09 Thread Dennis Peterson
On 5/9/14, 7:33 AM, Bowie Bailey wrote: On 5/8/2014 10:35 PM, Eric Shubert wrote: [root@qmt-cos5 etc]# grep -v ^# clamd.conf | grep -v ^$ Inefficiency bugs me... You can do multiple patterns with a single grep using the -e flag. grep -v -e ^# -e ^$ clamd.conf Try (and there are surely

Re: [clamav-users] Version 0.98.3 hard loops on clamdscan -V

2014-05-09 Thread Eric Shubert
On 05/09/2014 04:41 PM, Dennis Peterson wrote: On 5/9/14, 7:33 AM, Bowie Bailey wrote: On 5/8/2014 10:35 PM, Eric Shubert wrote: [root@qmt-cos5 etc]# grep -v ^# clamd.conf | grep -v ^$ Inefficiency bugs me... You can do multiple patterns with a single grep using the -e flag. grep -v -e ^#

[clamav-users] configure flags -- and --disable-clamav

2014-05-09 Thread Eric Shubert
The clamav-toaster package has traditionally configured clamav with ./configure --. The new clamav package for QMT (qmail-toaster) that I created (many months ago) uses ./configure --disable-clamav. I noticed that the resulting binary packages were considerably different in size (15M vs 41M)

[clamav-users] Osx.Trojan.FkCodec-1 False Positives

2014-05-09 Thread Al Varnell
I don’t have all the information on this yet, but I’ve had two ClamXav users complain today of commercial software being identified as infected by Osx.Trojan.FkCode-1. I can’t locate it on the clamav-virusdb list, but perhaps it was just added today. The first is accordion.1.6.2(83).dmg,

Re: [clamav-users] configure flags -- and --disable-clamav

2014-05-09 Thread Scott Kitterman
On Friday, May 09, 2014 19:42:14 Eric Shubert wrote: ... Is jit really worth the overhead? (I suppose the answer to this is subjective) ... One of my Debian Clamav co-maintainers recently submitted a patch for clamav to use the system llvm (as a configure option). Once this is incorporated

Re: [clamav-users] Osx.Trojan.FkCodec-1 False Positives

2014-05-09 Thread Al Varnell
Here’s the VirusTotal analysis (1/52) for Rapport-5.dmg which apparently has an MD5 = efddf96af90be02bcc9e37cbc21c34a6 https://www.virustotal.com/en/file/c3707dd14b766fd5d19daddf19cf57e980ffaa81fec3bec3e4de47bbf7419118/analysis/. I asked the OP to upload it to Send a false positive, but not sure