Re: [clamav-users] ScanOLE2 yes disables macro virus detection

On Mon, February 8, 2016 3:48 pm, David Shrimpton wrote: > Hi Steve, > > > When I remove all my local database files problem goes away. > So problem appears to be in a local database. > Ah ok... > BAD_SIGNATURE.ldb.macro.19;Target:2;1;41747472;0:(0)/./ri For info, I've used this against my

Re: [clamav-users] ScanOLE2 yes disables macro virus detection

Hi Steve, When I remove all my local database files problem goes away. So problem appears to be in a local database. I narrowed it down to one .ldb file. But the problem doesn't seem to be as simple as one particular signature in that file. I can remove signatures until the problem goes away,

Re: [clamav-users] ScanOLE2 yes disables macro virus detection

On Sun, February 7, 2016 10:28 pm, David Shrimpton wrote: > > clamscan -z --scan-ole2=yes > > no signatures from badmacro are detected Can you do this and output the debug to a pastebin... (leave off -z) clamscan --scan-ole2=yes --debug I've tried to re-produce but can't. Cheers, Steve Web

Re: [clamav-users] False positives submitted but still viewed as viruses

Thanks for your answer. Here are the md5sums : acad82626e83064ce8792bb17f568726 21c85b53fccf0712aadad1127115f4ff 39cf4db0bba92ae1c18869198fed8e83 77273b2e4e4f4f39718e0ad9a8c39075 9fb8f134217e4a2421fbaa61f7a88838 867fd8e85ffc806162fdf6d6bda94ccd Le 08/02/2016 15:00, Steve Basford a écrit :

Re: [clamav-users] False positives submitted but still viewed as viruses

If you don't want to wait, you can also whitelist the files in your own database files. Run either of the following: sigtool --sha256 sigtool --md5 Put the output into a '.fp' file in your db directory and that should whitelist that specific file so it's not reported. --Maarten On Mon,

Re: [clamav-users] False positives submitted but still viewed as viruses

On Mon, February 8, 2016 1:27 pm, Klaas TJEBBES wrote: > Hi. > > > I've submitted several false positives but at the end of the submission > form I don't get any "submission-ID" so I cannot track my submissions. > > The files I've submitted (a week ago) are still detected as viruses. > Hi, If

Re: [clamav-users] ScanOLE2 yes disables macro virus detection

On 2016-02-08 22:26, Steven Morgan wrote: I've opened https://bugzilla.clamav.net/show_bug.cgi?id=11498 to investigate and track the issue. Plz sign up for an account at https://bugzilla.clamav.net and send me the user id and I will CC you on the bug. Once that is done, I will need for you to

Re: [clamav-users] ScanOLE2 yes disables macro virus detection

David, I've opened https://bugzilla.clamav.net/show_bug.cgi?id=11498 to investigate and track the issue. Plz sign up for an account at https://bugzilla.clamav.net and send me the user id and I will CC you on the bug. Once that is done, I will need for you to attach your signatures and sample

Re: [clamav-users] False positives submitted but still viewed as viruses

Were the files submitted through this form? http://www.clamav.net/reports/fp Thanks, - Alain On Mon, Feb 8, 2016 at 9:33 AM, Klaas TJEBBES wrote: > Thanks for your answer. > > Here are the md5sums : > acad82626e83064ce8792bb17f568726 >

Re: [clamav-users] ScanOLE2 yes disables macro virus detection

Hi Benny, We use bugzilla as the primary bug tracker. We know about github too, but bugzilla is preferred. This is mainly because bugs that are ClamAV vulnerabilities(crashes and other denial of service) should not be widely disclosed until fixed within a released version for obvious reasons. In

Re: [clamav-users] False positives submitted but still viewed as viruses

Even with a submission-ID (which I have not recently received either) you won’t really be able to “track” a submission. You will be notified when your sample has been processed by e-mail (if signed up for clamav-virusdb) at which time you will have to search recent releases for your name to