Hi Folks,
I've been getting the following error for a week or so:
'LibClamAV Warning: Bytecode runtime error at line 1226, col 4'
I finally found the time to run ClamAV in verbose mode and believe this is
the culprit:
'Scanning C:\Program Files (x86)\Applian Director\ClearRegCode.exe'
At
First thing I notice is that you are running two different versions of ClamAV.
--
Sent from my iPhone
> On May 2, 2017, at 20:08, Rafael Ferreira wrote:
>
> Can you tell us which virus you encountered? Also can you validate that the
> file has the same checksum in both
Can you tell us which virus you encountered? Also can you validate that the
file has the same checksum in both windows and Linux?
> On May 2, 2017, at 2:22 PM, Peter B. wrote:
>
> Dear Clamav users,
>
> I was scanning a ZIP file with both: clamscan (on Xubuntu), and
Dear Clamav users,
I was scanning a ZIP file with both: clamscan (on Xubuntu), and clamwin
(on Win7).
Clamwin found a virus, where clamscan did not.
I'm surprised, since I thought these are just 2 frontends for the same
engine and virus database?
I updated the database on Linux using "$ sudo
I do see a few alerts for Pdf.Exploit.CVE_2017_3039-6300177-2 on
VirusTotal, too.
We'll be dropping the signature again & examining further.
On Tue, May 2, 2017 at 8:24 AM, Giuseppe Ravasio <
giuseppe_rava...@ch.modiano.com> wrote:
> Hi,
>
> I'm now getting some other signed pdf matched by
>
Hi,
I'm now getting some other signed pdf matched by
Pdf.Exploit.CVE_2017_3039-6300177-2
As with the Pdf.Exploit.CVE_2017_3039-6300177-0 it only happens using
the daemon and not clamscan.
Regards
Giuseppe
Il 02/05/2017 09:46, Al Varnell ha scritto:
> I see there is a rewrite in daily 23349
I see there is a rewrite in daily 23349 that just posted:
> VIRUS NAME: Pdf.Exploit.CVE_2017_3039-6300177-2
> TDB: Engine:81-255,Target:10
> LOGICAL EXPRESSION: 0&1&2=0
> * SUBSIG ID 0
> +-> OFFSET: ANY
> +-> SIGMOD: NONE
> +-> DECODED SUBSIGNATURE:
>
It never appeared on a daily as being dropped, but when I checked on Saturday
and again just now, I can't find it:
> $ sigtool --find Pdf.Exploit.CVE_2017_3039-6300177-0
> $
I don't think it is related, but there was an issue with DNS that stopped all
updates after 23343 late Saturday until
Hello,
did you really drop the signature?
During the weekend scan (clamscan), we got 45 false positives. According
to file names, they seem to be signed official PDF documents from government.
On 04/28/17 17:16, Christopher Marczewski wrote:
> Thanks for the reports. We'll be modifying the