Re: [clamav-users] INSTREAM + eicar not well detected?

2022-03-03 Thread Jorge Elissalde via clamav-users
Hi, The weird part is that Avira and other Antivirus correctly are able to detect EICAR in any case, having other characters before and/or after the EICAR string. Thank you, On Thu, 3 Mar 2022 at 12:27, Tuomo Soini via clamav-users (<clamav-users@lists.clamav.net>) wrote: > On Wed, 2 M

Re: [clamav-users] allowlist/fixing false positive

2022-03-03 Thread G.W. Haywood via clamav-users
Hi there, On Thu, 3 Mar 2022, Alex via clamav-users wrote: The cld version was dated Sept 19th (since manually deleted) and the cvd version is dated Sept 22nd. I'll have to see if it returns. I suspect that the cld version was created when you updated the ClamAV utilities from the distributio

Re: [clamav-users] allowlist/fixing false positive

2022-03-03 Thread Alex via clamav-users
Hi, > >How do I exclude this email from being tagged without having to bypass > >the Heuristics.Phishing.Email.SpoofedDomain rule altogether? > > > >X-Amavis-Alert: INFECTED, message contains virus: > >Heuristics.Phishing.Email.SpoofedDomain > > I think this can be enabled by disabling Phi

Re: [clamav-users] INSTREAM + eicar not well detected?

2022-03-03 Thread G.W. Haywood via clamav-users
Hi there, On Thu, 3 Mar 2022, G.W. Haywood wrote: ... Perhaps you can post the output of 'clamconf -n' ... On Thu, 3 Mar 2022, Kris Deugau wrote: ... There are quite the proliferation of hash signatures, but ... The only one that would match within a larger file or datastream is the byteco

Re: [clamav-users] INSTREAM + eicar not well detected?

2022-03-03 Thread Tuomo Soini via clamav-users
On Wed, 2 Mar 2022 12:35:40 -0300 Jorge Elissalde via clamav-users wrote: > Hi, > > I'm using clamd to make a large data scanning using INSTREAM (data it > is not available as files I could send to clamd). If I send only one > INSTREAM chunk with EICAR inside it is correctly detected, but if I

Re: [clamav-users] INSTREAM + eicar not well detected?

2022-03-03 Thread Kris Deugau
Jorge Elissalde via clamav-users wrote: Thank you for your answer. I'm using Windows clamd release 0.104.2 I have double checked with wireshark and the data sent is ok. suppose I just send: char *eicarTest = "X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*" Result is ok: i

Re: [clamav-users] allowlist/fixing false positive

2022-03-03 Thread Matus UHLAR - fantomas
On 01.03.22 17:15, Alex via clamav-users wrote: I have a fedora34 system with clamd-0.103.5 and amavisd/SA/postfix. I have a newsletter from ncua.gov that keeps getting blocked because it apparently contains links.gd in the body somewhere, although I can't find it. How do I exclude this email fr