[clamav-users] How to find string for a signature?

2017-10-20 Thread kristen R
List, I just received an email from ncas.us-cert.gov that was caught by clamd reporting PUA.Win.Trojan.Xored-1 signature. This email is from the US Department of Homeland Security. I suppose this is a case of a false positive. How does one find the string triggering this event that I might know

Re: [clamav-users] configure packaging problem

2017-10-20 Thread Zetan Drableg
Thanks that worked!
-Zetan

On Fri, Oct 20, 2017 at 2:51 PM, Scott Kitterman wrote:
>
>
> On October 20, 2017 5:36:12 PM EDT, Zetan Drableg
> wrote:
> >Hi, I'm building and packaging clamav in a RPM for distribution to some
> >systems without EPEL

Re: [clamav-users] configure packaging problem

2017-10-20 Thread Scott Kitterman
On October 20, 2017 5:36:12 PM EDT, Zetan Drableg wrote:
>Hi, I'm building and packaging clamav in a RPM for distribution to some
>systems without EPEL access.
>While it installs ok, the default paths are absolute paths of my build
>server, not of the client system.
>

[clamav-users] configure packaging problem

2017-10-20 Thread Zetan Drableg
Hi, I'm building and packaging clamav in a RPM for distribution to some systems without EPEL access. While it installs ok, the default paths are absolute paths of my build server, not of the client system.

tar xvzf clamav-0.99.2.tar.gz
cd clamav-0.99.2
./configure --prefix="/usr"

Re: [clamav-users] /home/gene/firefox/browser/omni.ja: Html.Exploit.CVE_2017_8750-6336209-0 FOUND

2017-10-20 Thread Gene Heskett
On Friday 20 October 2017 10:47:24 Joel Esler (jesler) wrote:
> All —
>
> This signature has been dropped.
>
> --
> Joel Esler | Talos: Manager |
> jes...@cisco.com
>
Thank you Joel.

Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty: soap,

Re: [clamav-users] /home/gene/firefox/browser/omni.ja: Html.Exploit.CVE_2017_8750-6336209-0 FOUND

2017-10-20 Thread Joel Esler (jesler)
All —

This signature has been dropped.

--
Joel Esler | Talos: Manager | jes...@cisco.com

On Oct 20, 2017, at 8:30 AM, Gene Heskett wrote:

On Friday 20 October 2017 02:06:38 Al Varnell wrote:

I assume we are all

Re: [clamav-users] /home/gene/firefox/browser/omni.ja: Html.Exploit.CVE_2017_8750-6336209-0 FOUND

2017-10-20 Thread Gene Heskett
On Friday 20 October 2017 02:06:38 Al Varnell wrote:
> I assume we are all still talking about
> Html.Exploit.CVE_2017_8750-6336209-0?
>
> Gene, I believe your report was an omni.ja file infected with
> Html.Exploit.CVE_2017_8757-6336185-0.
>
Since it was the same file, I suppose I missed that

Re: [clamav-users] /home/gene/firefox/browser/omni.ja: Html.Exploit.CVE_2017_8750-6336209-0 FOUND

2017-10-20 Thread Al Varnell
I assume we are all still talking about Html.Exploit.CVE_2017_8750-6336209-0?

Gene, I believe your report was an omni.ja file infected with Html.Exploit.CVE_2017_8757-6336185-0. They have both been dealt with locally by ClamXAV, but I've not seen either listed as dropped by ClamAV yet.