Re: [clamav-users] Error when using a private mirror

2017-03-22 Thread David Pullman
Matus, thanks for your very quick reply! This is what "PrivateMirror" does. It turns DNS off and uses IMS. > > Maybe you should use "DatabaseMirror" instead to check for actual versions. Right, however, it looks like if I use DatabaseMirror with my private mirror hostname, then the instance runn

Re: [clamav-users] how to find Html.Phishing.Auction-214

2017-03-22 Thread Hajo Locke
Hello, On 22.03.2017 at 15:12, Kees Theunissen wrote: On Wed, 22 Mar 2017, Hajo Locke wrote: Thank you, Steve. I could find the lines and removed them. How could you decode this signature? ~$ sigtool --find-sigs Html.Phishing.Auction-214 | sigtool --decode-sigs VIRUS NAME: Html.Phishing.Auct

Re: [clamav-users] how to find Html.Phishing.Auction-214

2017-03-22 Thread Kees Theunissen
On Wed, 22 Mar 2017, Hajo Locke wrote: > Thank you, Steve. I could find the lines and removed them. How could you decode > this signature? ~$ sigtool --find-sigs Html.Phishing.Auction-214 | sigtool --decode-sigs VIRUS NAME: Html.Phishing.Auction-214 TARGET TYPE: HTML OFFSET: * DECODED SIGNATURE:

Re: [clamav-users] Reporting malware/false negatives

2017-03-22 Thread Joel Esler (jesler)
I just added Doc.Dropper.Agent-6136130-0 to the scan system, it should be published today. -- Joel Esler | Talos: Manager | jes...@cisco.com On Mar 22, 2017, at 9:43 AM, Alex <mysqlstud...@gmail.com> wrote: Hi, How long does it typically take for a sample

Re: [clamav-users] how to find Html.Phishing.Auction-214

2017-03-22 Thread Hajo Locke
Hello, On 22.03.2017 at 14:01, Steve Basford wrote: On Wed, March 22, 2017 12:52 pm, Hajo Locke wrote: Hello, have an issue here with this signature. Html.Phishing.Auction-214 is found VIRUS NAME: Html.Phishing.Auction-214 Here you go... TARGET TYPE: HTML OFFSET: * DECODED SIGNATURE: sein

Re: [clamav-users] Reporting malware/false negatives

2017-03-22 Thread Alex
Hi, >> How long does it typically take for a sample to be analyzed and a >> pattern to be created? > > Generally speaking, a couple hours (sometimes 4, sometimes 8, depending on > automation schedules) Because it was encrypted, it may be a bit more > difficult, so I'll have to look into it. Wh

Re: [clamav-users] how to find Html.Phishing.Auction-214

2017-03-22 Thread Steve Basford
On Wed, March 22, 2017 12:52 pm, Hajo Locke wrote: > Hello, > > > have an issue here with this signature. Html.Phishing.Auction-214 is found VIRUS NAME: Html.Phishing.Auction-214 Here you go... TARGET TYPE: HTML OFFSET: * DECODED SIGNATURE: sein, weil sie ei[][][]nen fehler gemacht haben, als si

[clamav-users] how to find Html.Phishing.Auction-214

2017-03-22 Thread Hajo Locke
Hello, I have an issue here with this signature. Html.Phishing.Auction-214 is found within a small SQL file. I try to find the corresponding text to remove it, but I am not successful. If I split my SQL file into parts of 1000 lines and scan those parts, every part is clean; the virus is only detected i

Re: [clamav-users] Error when using a private mirror

2017-03-22 Thread Matus UHLAR - fantomas
On 22.03.17 08:17, David Pullman wrote: I'm testing the use of an S3 bucket to store databases for a private mirror. I'm getting an error when running freshclam against this private mirror. Freshclam successfully downloads the CVD files but then fails. It seems to be running "If-Modified-Since"

[clamav-users] Error when using a private mirror

2017-03-22 Thread David Pullman
Hi, I'm testing the use of an S3 bucket to store databases for a private mirror. I'm getting an error when running freshclam against this private mirror. Freshclam successfully downloads the CVD files but then fails. It seems to be running "If-Modified-Since" after the download and looking for the

Re: [clamav-users] Reporting malware/false negatives

2017-03-22 Thread Arnaud Jacques / SecuriteInfo.com
Hello Alex, > Hi, I reported an encrypted word macro virus this morning, and this > evening it is still not detected by sanesecurity or clamav proper. Could you please send it to webmas...@securiteinfo.com too? Thank you. -- Best regards, Arnaud Jacques SecuriteInfo.com Facebook : https://ww