Re: [clamav-users] Error (Cannot connect to unix socket '/var/lib/clamav/clamd.socket': connect: No such file or directory)

2016-08-10 Thread Chris
On Sun, 2016-08-07 at 17:02 +0200, Tobi wrote: > Hi Chris > > sorry I was not clear enough. I did not mean to start the service via > systemd but to call like > > sudo /usr/sbin/clamd -c /path/to/config > > and see then if the socket has been created in expected location. > > Cheers > > tobi

Re: [clamav-users] Scanning very large files in chunks

2016-08-10 Thread sapientdust+clamav
Hello, On Wed, Aug 10, 2016 at 10:11 AM, G.W. Haywood wrote: > Hello again, > > In August 2016, sapientdust+cla...@gmail.com wrote: > >> The specifics are not important to my question > > > That's not what you said earlier. To be specific, you said: > >> >> In my

Re: [clamav-users] Scanning very large files in chunks

2016-08-10 Thread G.W. Haywood
Hello again, In August 2016, sapientdust+cla...@gmail.com wrote: The specifics are not important to my question That's not what you said earlier. To be specific, you said: >> In my case, the consequence factor is very large ... >> Does anybody have any feedback on the proposed

Re: [clamav-users] False Positive - Win.Exploit.CVE_2016_3316-1?

2016-08-10 Thread Alain Zidouemba
The offending signature has been dropped from the signature set. This should be reflected shortly in an upcoming signature update. - Alain On Wed, Aug 10, 2016 at 6:10 AM, Al Varnell wrote: > The only way to be notified is if you submit a sample to the ClamAV False >

Re: [clamav-users] False Positive - Win.Exploit.CVE_2016_3316-1?

2016-08-10 Thread Steve Basford
On Wed, August 10, 2016 7:22 am, ANANT S ATHAVALE wrote: > Hi, > > > Most of the mails are marked with Win.Exploit.CVE_2016_3316-1. Is > this a false positive? Finally got it... blank LibreOffice.doc file... blank.doc: Win.Exploit.CVE_2016_3316-1 I've added a whitelist entry to

Re: [clamav-users] False Positive - Win.Exploit.CVE_2016_3316-1?

2016-08-10 Thread Al Varnell
The only way to be notified is if you submit a sample to the ClamAV False Positive site that I referenced earlier. Otherwise, you’ll just have to query the database periodically to see if and when it is removed or ignored. -Al- On Wed, Aug 10, 2016 at 02:32 AM, Robert Boyle wrote: > > Can

Re: [clamav-users] False Positive - Win.Exploit.CVE_2016_3316-1?

2016-08-10 Thread Steve Basford
On Wed, August 10, 2016 10:52 am, Jan-Pieter Cornet wrote: > On 10-8-16 08:22, ANANT S ATHAVALE wrote: > >> Hi, >> >> >> Most of the mails are marked with Win.Exploit.CVE_2016_3316-1. Is >> this a false positive? > > Created a completely empty .doc file using LibreOffice on linux, and the >

Re: [clamav-users] False Positive - Win.Exploit.CVE_2016_3316-1?

2016-08-10 Thread Reindl Harald
Am 10.08.2016 um 11:52 schrieb Jan-Pieter Cornet: On 10-8-16 08:22, ANANT S ATHAVALE wrote: Hi, Most of the mails are marked with Win.Exploit.CVE_2016_3316-1. Is this a false positive? Yes. Created a completely empty .doc file using LibreOffice on linux, and the resulting file was

Re: [clamav-users] False Positive - Win.Exploit.CVE_2016_3316-1?

2016-08-10 Thread Jan-Pieter Cornet
On 10-8-16 08:22, ANANT S ATHAVALE wrote: > Hi, > > Most of the mails are marked with Win.Exploit.CVE_2016_3316-1. Is this a > false positive? Yes. Created a completely empty .doc file using LibreOffice on linux, and the resulting file was recognized as Win.Exploit.CVE_2016_3316-1. This

Re: [clamav-users] False Positive - Win.Exploit.CVE_2016_3316-1?

2016-08-10 Thread Reindl Harald
Am 10.08.2016 um 11:32 schrieb Robert Boyle: I see that you have added Win.Exploit.CVE_2016_3316-1 to whitelist.ign2 Can you please advise when this whitelist update is available to all users? you can place your own .ign2 file in the signature folder, that's the whole point of different

Re: [clamav-users] False Positive - Win.Exploit.CVE_2016_3316-1?

2016-08-10 Thread Robert Boyle
Hi, I see that you have added Win.Exploit.CVE_2016_3316-1 to whitelist.ign2 Can you please advise when this whitelist update is available to all users? Thanks RB ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq

Re: [clamav-users] False Positive - Win.Exploit.CVE_2016_3316-1?

2016-08-10 Thread Al Varnell
Signature was just added yesterday, so there’s a good chance. Be sure and submit a couple of samples to so that it can be taken care of for all. -Al- On Tue, Aug 09, 2016 at 11:22 PM, ANANT S ATHAVALE wrote: > > Hi, > > Most of the mails are marked with

Re: [clamav-users] False Positive - Win.Exploit.CVE_2016_3316-1?

2016-08-10 Thread Axb
On 08/10/2016 08:22 AM, ANANT S ATHAVALE wrote: Hi, Most of the mails are marked with Win.Exploit.CVE_2016_3316-1. Is this a false positive? seems so! added Win.Exploit.CVE_2016_3316-1 to whitelist.ign2 ___ Help us build a comprehensive ClamAV

[clamav-users] False Positive - Win.Exploit.CVE_2016_3316-1?

2016-08-10 Thread ANANT S ATHAVALE
Hi, Most of the mails are marked with Win.Exploit.CVE_2016_3316-1. Is this a false positive? -- सादर धन्यवाद/ Thanks & Regards अनंत / Anant -- Confidentiality Notice: This e-mail message,