Re: [clamav-users] Successfully processed

2016-02-15 Thread Gerald Venzl
Ok, I have just submitted another sample of my Javascript malware: Time: 12:20pm Pacific Time Filename: javascript_0dc34d954f.js SHA-256 hash: bc848dfab812f767970783f4926bba8c32b4071a270540b9b3a679d5ff0dcc3f On Mon, Feb 15, 2016 at 7:59 AM, Joel Esler (jesler) wrote: > That's

Re: [clamav-users] Successfully processed

2016-02-15 Thread Joel Esler (jesler)
That's preferable. But any hash will do. -- Joel Esler Manager, Talos Group Sent from my iPad On Feb 15, 2016, at 10:53 AM, "gerald.ve...@gmail.com" > wrote: Hi Joel! Of course, I understand! What hash are

Re: [clamav-users] Successfully processed

2016-02-15 Thread gerald . venzl
Hi Joel! Of course, I understand! What hash are you using? I couldn't see any on the website when submitting. Is it a regular SHA-256 hash? Also if it helps I can resubmit the file and send the hash and time of submission to this mailing list. Thx, Gerald > On Feb 15, 2016, at 07:23, Joel

Re: [clamav-users] Successfully processed

2016-02-15 Thread Joel Esler (jesler)
Gerald, We need to verify that we've received your file, and this is something we are working on. That being said, we receive millions of samples a day, so it helps, if you want to point out the hash of the file to us on the list, we can get to it. -- Joel Esler Manager, Talos Group Sent

Re: [clamav-users] Successfully processed

2016-02-15 Thread Gerald Venzl
Hey, Well, Clam still doesn't find that Trojan even after updating it so I assume it didn't work for me. Is there any convenient way for me to check? Sorry, I'm totally new to ClamAV and Linux security in general. Appreciate any guidance. Thx, On Mon, Feb 15, 2016 at 1:52 AM, Mark Allan

Re: [clamav-users] Win.Trojan.Ramnit FPs

2016-02-15 Thread Steve Basford
On Mon, February 15, 2016 11:22 am, Mark Allan wrote: > I'm still getting the email saying "your sample was empty", so I'm > posting here too. > > The Ramnit series of sigs is hitting a bunch of files which have been > resident on users' HDs and scanned as clean for many years. VT also > reports

[clamav-users] Win.Trojan.Ramnit FPs

2016-02-15 Thread Mark Allan
I'm still getting the email saying "your sample was empty", so I'm posting here too. The Ramnit series of sigs is hitting a bunch of files which have been resident on users' HDs and scanned as clean for many years. VT also reports ClamAV as the only vendor detecting an infection. To clear the

Re: [clamav-users] Successfully processed

2016-02-15 Thread Joel Esler (jesler)
We're double checking everything. Thanks for your patience. -- Joel Esler iPhone On Feb 15, 2016, at 4:53 AM, Mark Allan > wrote: Hi, I've been getting this for a few days. The first time I received it, the rogue sig was removed from the DB

Re: [clamav-users] Successfully processed

2016-02-15 Thread Mark Allan
Hi, I've been getting this for a few days. The first time I received it, the rogue sig was removed from the DB shortly afterwards, so I assumed* it worked OK and that it was just a bug in the code that composes the email response. Mark * yes, yes I know what assuming does to U and me. > On 15