There is at least one earlier discussion concerning the lack of response to
submitted javascript samples, perhaps a month ago (sorry don’t have time to
track it down at the moment). As I outlined earlier, there haven’t been many
.js signatures to date, and hardly any recent ones that were not c
testfile.pdf is an encrypted and password protected file. I have
"ArchiveBlockEncrypted No" in clamd.conf.
And a scan still finds it infected.
server(/tmp): clamdscan --config-file=/apps/clamav/etc/clamd.conf testfile.pdf
/temp/testfile.pdf: Heuristics.Encrypted.PDF FOUND
Why? How do I sto
AL,
I am seeing lots of different versions of ransomware .js downloaders
(telescript, locky, and many others and variants) for which I have been feeding
the ClamAV team and creating sigs pushed out as winnow sigs in Steve’s feed.
I can tell you that all that I have and am feeding have not been
That’s the KeRanger ransomware which we dealt with last weekend. Not related
to Teslacrypt AFAIK.
-Al-
On Tue, Mar 15, 2016 at 10:45 AM, Dennis Peterson wrote:
>
> Already in the wild.
>
> http://www.foxnews.com/tech/2016/03/07/new-mac-os-x-ransomware-targets-apple-users.html
Hi,
I took a quick look at the code. The "Heuristics.Encrypted.PDF" is off by
default. Try clamscan --block-encrypted. If you have 'ArchiveBlockEncrypted
yes' in your clamd.conf, it would explain the results you are seeing with
clamdscan.
Is testfile.pdf encrypted?
Check these things out and if
Hi,
I took a quick look at the code. The "Heuristics.Encrypted.PDF" is off by
default. Try clamscan --block-encrypted. If you have 'ArchiveBlockEncrypted
yes' in your clamd.conf, it would explain the results you are seeing with
milter.
Is testfile.pdf encrypted?
Check these things out and if it
Trying to wrap my head around this.
central(/temp): clamdscan testfile.pdf
/temp/testfile.pdf: Heuristics.Encrypted.PDF FOUND
central(/temp): clamscan testfile.pdf
testfile.pdf: OK
Why does clamdscan find a virus, but clamscan not??
Does anyone know why the following might be happening? I'm running
ClamAV 0.99.1 on Linux and clamav-milter/sendmail to scan mail for
viruses. Everything runs fine. Today I had PDF (testfile.pdf) file
that was a false positive. Here are two problems I ran into.
1) When the testfile.pdf is
Already in the wild.
http://www.foxnews.com/tech/2016/03/07/new-mac-os-x-ransomware-targets-apple-users.html
On 3/15/16 3:10 AM, Al Varnell wrote:
Thanks, that’s what I suspected when I saw they all appeared to be downloaders.
Probably won’t be long until they figure out how to attack OS X wi
Thanks, that’s what I suspected when I saw they all appeared to be downloaders.
Probably won’t be long until they figure out how to attack OS X with it.
-Al-
On Tue, Mar 15, 2016 at 01:31 AM, Steve Basford wrote:
>
> In case anyone is wondering these .js files, if run, are going off to
> downl
On Tue, March 15, 2016 4:25 am, Al Varnell wrote:
>> Scanning these ZIP/.js viruses has a hit rate of about 35%. 35% of all
>> antivirus packages will say they are viruses. For example running one
>> through https://www.virustotal.com will say out of about 53 antivirus
>> programs, 16 flag it a