Re: [clamav-users] Email.Phishing.DblDom-60 -- issue

2016-04-02 Thread Andrew McGlashan
Hi Al, On 3/04/2016 11:17 AM, Al Varnell wrote: > sigtool --find Email.Phishing.DblDom-60 | sigtool --decode-sig Thanks, that helps. It sure looks like I need to disable that one, due to the data in my logs containing named directories from rsync output with that string. Kind Regards AndrewM

Re: [clamav-users] Email.Phishing.DblDom-60 -- issue

2016-04-02 Thread Andrew McGlashan
Hi Alain, [sorry, I didn't realize we have Al and Alain] On 3/04/2016 12:59 PM, Al Varnell wrote: > Sorry, I should have added: > > sigtool --version /usr/local/clamXav/share/clamav/ > ClamAV 0.99.1/21484/Fri Apr 1 13:09:25 2016 After update to 7.10 (Wheezy latest) and with wheezy-updates in s

Re: [clamav-users] Email.Phishing.DblDom-60 -- issue

2016-04-02 Thread Andrew McGlashan
Hi Al, On 3/04/2016 12:34 PM, Alain Zidouemba wrote: > Are you up to date with your signatures? Email.Phishing.DblDom-60 was > removed on 4/1/2016. Okay, using older Wheezy, not yet updated to 7.10 ... that will probably update things. [doing the update to 7.10 now] Also added in missing wheez

Re: [clamav-users] Email.Phishing.DblDom-60 -- issue

2016-04-02 Thread Al Varnell
Sorry, I should have added: sigtool --version /usr/local/clamXav/share/clamav/ ClamAV 0.99.1/21484/Fri Apr 1 13:09:25 2016 -Al- On Sat, Apr 02, 2016 at 07:55 PM, Al Varnell wrote: > > Alain, > > I seem to be up-to-date with daily:21484 from yesterday and I’m still seeing > it: > > host -t t

Re: [clamav-users] Email.Phishing.DblDom-60 -- issue

2016-04-02 Thread Al Varnell
Alain,
I seem to be up-to-date with daily:21484 from yesterday and I’m still seeing it:
host -t txt current.cvd.clamav.net
current.cvd.clamav.net descriptive text "0.99.1:57:21484:1459646940:1:63:44502:275"
sigtool --find Email.Phishing.DblDom-60
[main.ndb] Email.Phishing.DblDom-60:4:*:2f2e7061

Re: [clamav-users] Email.Phishing.DblDom-60 -- issue

2016-04-02 Thread Alain Zidouemba
Andrew:
Are you up to date with your signatures? Email.Phishing.DblDom-60 was removed on 4/1/2016.
FYI:
$ echo -n 'Email.Phishing.DblDom-60:4:*:2f2e70617970616c2e636f6d' | sigtool --decode-sigs
VIRUS NAME: Email.Phishing.DblDom-60
TARGET TYPE: MAIL
OFFSET: *
DECODED SIGNATURE: /[dot]paypal[dot]c

Re: [clamav-users] Unscannable MS Office files?

2016-04-02 Thread Kevin Lin
It seems as if the XML parser ClamAV is using has some parsing errors in regard to this document variant. You could submit a bug report at bugzilla.clamav.net; attaching a sample would also help. -Kevin On Fri, Apr 1, 2016 at 6:30 PM, David Shaw wrote: > Hello, > > I am using ClamAV 0.99 on CentOS 7

Re: [clamav-users] Email.Phishing.DblDom-60 -- issue

2016-04-02 Thread Al Varnell
I was suggesting that you submit the log file as an FP. It contains partial url and if I post it here then this e-mail will be reported as infected. You can see it for yourself by running the following: sigtool --find Email.Phishing.DblDom-60 | sigtool --decode-sig -Al- On Sat, Apr 02, 2016 a

Re: [clamav-users] Email.Phishing.DblDom-60 -- issue

2016-04-02 Thread Andrew McGlashan
On 3/04/2016 9:32 AM, Al Varnell wrote: > Have you submitted the log to False Positive Reports yet? > This is not a /file/ it is an email source and the source changes with each and every log. Some log files are giving this problem, most are not; I need to kno

Re: [clamav-users] Email.Phishing.DblDom-60 -- issue

2016-04-02 Thread Al Varnell
Have you submitted the log to False Positive Reports yet? -Al- On Sat, Apr 02, 2016 at 12:54 PM, Andrew McGlashan wrote: > > Hi, > ** resend ? again no help *** > > 550 This message was detected as possible malware > (Email.Phishing.DblDom-60). >

[clamav-users] Email.Phishing.DblDom-60 -- issue

2016-04-02 Thread Andrew McGlashan
Hi, -- resend ? again no help --- 550 This message was detected as possible malware (Email.Phishing.DblDom-60). It is not malware, it is just simple logs of backup processes. I have server log messages coming through that are being rejected as having "Email.Phishing.DblDom-60" .