Hi,
I''m trying to create a rescue Live USB with Fedora and ClamAV for Windows
PCs. I've read this guide for speeding up ClamAV:
https://www.clamav.net/documents/how-to-speed-up-clamwin
But, specifically, how would you do this via command-line?
I've gotten so far:
clamscan -r --include='\.(exe|
Hi,
-- resend ? ---
I have server log messages coming through that are being rejected as
having "Email.Phishing.DblDom-60"
How can I determine what it is that is triggering this claim?
Thanks
AndrewM
___
Help us build a comprehensive ClamAV
On Thu, March 31, 2016 7:56 pm, Paul Kosinski wrote:
> I disable Javascript in our PDF viewer. PostScript (which underlies
> PDF) is a Turing-complete executable language, and even has a mechanism
> to read and write files, so it could cause some trouble on its own.
Good idea!
For windows users,
I disable Javascript in our PDF viewer. PostScript (which underlies
PDF) is a Turing-complete executable language, and even has a mechanism
to read and write files, so it could cause some trouble on its own.
On Thu, 31 Mar 2016 10:36:18 -0500
Noel Jones wrote:
> Known malware will still be dete
Thanks Noël.
On Thu, Mar 31, 2016 at 5:36 PM, Noel Jones wrote:
> Known malware will still be detected, even if you ignore the
> troublesome PUA sigs.
>
> These aren't really false positives since the .pdf really does
> contain javascript. So the sigs are working as intended.
>
> The alternativ
Known malware will still be detected, even if you ignore the
troublesome PUA sigs.
These aren't really false positives since the .pdf really does
contain javascript. So the sigs are working as intended.
The alternative is to communicate to your users that .pdf files
containing javascript are not
On Thu, March 31, 2016 4:01 pm, Alessandro Vesely wrote:
> This was a false positive itself. I got:
> Virus-Found: Email.Phishing.DblDom-53
> Sanesecurity.Phishing.Cur.744.UNOFFICIAL
>
Thanks for the FP report. Fixed
Cheers,
Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
Twitter:
This was a false positive itself. I got:
Virus-Found: Email.Phishing.DblDom-53 Sanesecurity.Phishing.Cur.744.UNOFFICIAL
(I wonder how could this message pass. This reply is doomed to be blocked...)
Ale
On Wed 30/Mar/2016 20:18:52 +0200 Alain Zidouemba wrote:
> $ sigtool -fEmail.Phishing.DblDo
That's known to me Steve.
I'm afraid malware will not be detected in that case.
P.
On Thu, Mar 31, 2016 at 3:43 PM, Steve Basford <
steveb_cla...@sanesecurity.com> wrote:
>
> On Thu, March 31, 2016 2:33 pm, polloxx wrote:
> > Since the new Clamav database we have a lot more false positives for
>
On Thu, March 31, 2016 2:33 pm, polloxx wrote:
> Since the new Clamav database we have a lot more false positives for
> PUA.Pdf.Trojan.EmbeddedJS-1 and PUA.Win.Trojan.EmbeddedPDF-1.
> What can we do about this, except disabling PUA?
Create a local.ign2 with the following lines:
PUA.Pdf.Trojan.Em
Since the new Clamav database we have a lot more false positives for
PUA.Pdf.Trojan.EmbeddedJS-1 and PUA.Win.Trojan.EmbeddedPDF-1.
What can we do about this, except disabling PUA?
p.
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrta
On Wed, 30 Mar 2016 20:46:27 -0400, Paul Kosinski stated:
>The bug is called "BadLock", and, since Microsoft is working on it too,
>I'd guess it's an SMB protocol bug.
You can check out these URLs:
http://www.securityweek.com/microsoft-samba-preparing-patch-severe-badlock-flaw
https://nakedsecu
12 matches
Mail list logo