Re: [clamav-users] Submitting False Negatives

2017-01-11 Thread Joel Esler (jesler)
Are you using the most updated version of the tool? It should work. -- Sent from my iPhone > On Jan 11, 2017, at 11:07 AM, Tim Tepatti wrote: > > Hello, > > I recently started using ClamAV and have a small database of virus samples > on my computer. I noticed that when scanning some of these

Re: [clamav-users] Osx.Malware.Agent-5505694-0

2017-01-11 Thread Alain Zidouemba
It's been replaced by a different signature. -Alain On Wed, Jan 11, 2017 at 6:42 PM, Al Varnell wrote: > Subject signature was added by daily - 22865 and then removed by daily - > 22869. > > [daily.hsb] 52960200bf989064d77f0a158180e4ac:1101744:Osx.Malware.Agent- > 5505694-0:73 > > VirusTotal in

Re: [clamav-users] Submitting False Negatives

2017-01-11 Thread Al Varnell
The new naming conventions no longer include a virus name. That has been true since the most recent main.cvd was released. I believe this is because of the amount of manual effort required to determine exactly what a malware sample is and the lack of uniformity in naming malware across the indus

[clamav-users] Osx.Malware.Agent-5505694-0

2017-01-11 Thread Al Varnell
Subject signature was added by daily - 22865 and then removed by daily - 22869. [daily.hsb] 52960200bf989064d77f0a158180e4ac:1101744:Osx.Malware.Agent-5505694-0:73 VirusTotal indicates that 14/54 other scanners believe this to be Malware (one of multiple variants of Advanced Mac Cleaner):

Re: [clamav-users] Submitting False Negatives

2017-01-11 Thread Tim Tepatti
Excuse my ignorance, sorry. Why is the name given so generic? With other AVs I'm used to names like "Linux.Net-Worm.Virus_Name.a" that include a name, so when I saw "Agent-(numbers)" I figured it was a generic name. On Wed, Jan 11, 2017 at 12:32 PM, Alain Zidouemba wrote: > Unix.Malware.Agent-18

Re: [clamav-users] Submitting False Negatives

2017-01-11 Thread Alain Zidouemba
Unix.Malware.Agent-1847425 is not a heuristics detection. - Alain On Wed, Jan 11, 2017 at 12:28 PM, Tim Tepatti wrote: > Sounds good to me, I'll submit them in an archive then. > > Also, another question: If a virus is picked up as a generic > "Unix.Malware.Agent-1847425", does that mean that t

Re: [clamav-users] Submitting False Negatives

2017-01-11 Thread Tim Tepatti
Sounds good to me, I'll submit them in an archive then. Also, another question: If a virus is picked up as a generic "Unix.Malware.Agent-1847425", does that mean that the sample was detected as malicious through heuristics or something like that, but the actual specific sample isn't known? Thanks

Re: [clamav-users] Submitting False Negatives

2017-01-11 Thread Christopher Marczewski
Hi Tim, For the time being, I would compress the samples and submit the resulting archive file. Be sure to mention this in the Description field of the form. You can also send the file name to me, and I'll make sure the samples get processed. On Wed, Jan 11, 2017 at 12:07 PM, Tim Tepatti wrote:

[clamav-users] Submitting False Negatives

2017-01-11 Thread Tim Tepatti
Hello, I recently started using ClamAV and have a small database of virus samples on my computer. I noticed that when scanning some of these samples ClamAV will report that the file is OK even though its a known virus. I originally tried using the clamsubmit utility included in clamav but it does