Re: [clamav-users] Where to find info about Virus found with scan

2015-04-08 Thread Douglas Goddard
That particular signature is a community signature provided by Willian Cruz. More about community signatures: http://blog.clamav.net/2014/02/introducing-clamav-community-signatures.html On Wed, Apr 8, 2015 at 12:15 PM, Douglas Goddard dgodd...@sourcefire.com wrote: You can look the hash

Re: [clamav-users] Where to find info about Virus found with scan

2015-04-08 Thread Douglas Goddard
You can look the hash of the file up in VirusTotal. Here is the original file that signature is associated with: https://www.virustotal.com/en/file/4E7496E13D437989E135090713EE10C740C290D2CD869DC5A8130EFE4EF2CD98/analysis/ Googling the term OutBrowse will bring up some write ups for it

Re: [clamav-users] Unsubscribing From Update List?

2015-03-08 Thread Douglas Goddard
Try this page: http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-virusdb On Sun, Mar 8, 2015 at 10:16 PM, Shawn Reynolds sadisticinsan...@gmx.com wrote: How do I unsubscribe from the ClamAV update list? I currently have about 80 emails of it in my inbox, and it is keeping me from

Re: [clamav-users] Whitelist Zip.Suspect.MiscDoubleExtension

2014-09-25 Thread Douglas Goddard
I've dropped .js, .html, and .lnk as top level extensions from those signatures as they were causing too many problems. Zip.Suspect.MiscDoubleExtension-zippwd-8:*:(?i)((\.doc)|([

Re: [clamav-users] Joomla Templates - False Positive

2014-09-19 Thread Douglas Goddard
Do you have some examples of files that are still causing problems? I removed the .js extension - I'm happy to revise things further if it is still causing problems. On Wed, Sep 17, 2014 at 9:22 AM, James Meason nod...@hotmail.com wrote: Hi Steve, Thanks for your quick reply, This

Re: [clamav-users] Joomla Templates - False Positive

2014-09-17 Thread Douglas Goddard
Thank you for the submissions James. It looks like it is alerting on this: libraries/gantry/js/belated-png.js I removed the 'top level' extension .html from this signature, and considered removing .js but didn't. I'll revise these later today to not have .js, as that is not a huge threat in

Re: [clamav-users] FP: Win.Worm.Chir-681

2014-09-16 Thread Douglas Goddard
Maybe VT hasn't updated their DB since it was published. FP handled, signature dropped. Thanks, Doug On Tue, Sep 16, 2014 at 5:28 PM, Al Varnell alvarn...@mac.com wrote: The following file was found in Adobe PhotoShop CS6 infected with Win.Worm.Chir-681 (apparently added to the database

Re: [clamav-users] clamscan and PUA

2014-09-04 Thread Douglas Goddard
That is a zip signature looking for double extension files. So, it is interesting that it is alerting on a .txt file, unless that is a zip file in disguise. You can whitelist the signature by adding a whitelist.ign file to your ClamAV database directory (for me, the path is:

Re: [clamav-users] clamscan and PUA

2014-09-04 Thread Douglas Goddard
I'm looking into the PUA issue and will follow up about that. On Thu, Sep 4, 2014 at 11:43 AM, Douglas Goddard dgodd...@sourcefire.com wrote: That is a zip signature looking for double extension files. So, it is interesting that it is alerting on a .txt file, unless that is a zip file

Re: [clamav-users] clamscan and PUA

2014-09-04 Thread Douglas Goddard
, 2014 at 11:45 AM, Douglas Goddard dgodd...@sourcefire.com wrote: I'm looking into the PUA issue and will follow up about that. On Thu, Sep 4, 2014 at 11:43 AM, Douglas Goddard dgodd...@sourcefire.com wrote: That is a zip signature looking for double extension files. So, it is interesting

Re: [clamav-users] PUA.Misc.DoubleExtension-zippwd-4 false positive

2014-09-04 Thread Douglas Goddard
This signature is in the process of being dropped. The signature is a ZMD and PUA is not supported for this type. Once it is dropped it will be re-published under a non PUA name. If you would still like to ignore these alerts you can add the new signatures' names to a whitelist.ign file in your

Re: [clamav-users] False positive for sure

2014-09-03 Thread Douglas Goddard
We're working on some signatures for our users who run ClamAV on their mail servers. We'll be tweaking them over the next few weeks to minimize false positives, but with loose signatures like this, it is difficult to eliminate them completely. If you're not concerned about double extension files

Re: [clamav-users] False Positive File Decompression errors

2014-08-19 Thread Douglas Goddard
Confirmed the false positive. The signature should be dropped by the end of the day. On Tue, Aug 19, 2014 at 5:34 AM, Manoj Chitrala mchitr...@researchnow.com wrote: Hi, Here is the MD5 sum output. root@RSNUKLT146:~/Desktop# md5sum show.html.erb 16e3a74703c22cce728bb523439c1d02

Re: [clamav-users] False Positive File Decompression errors

2014-08-19 Thread Douglas Goddard
. Thanks, Manoj Chitrala -- Manoj Chitrala Unix Administrator Postmaster Tel: +44 207 084 3142 | Fax: +44 207 084 3001 | Mobile: +44 7971 312075 -Original Message- From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Douglas Goddard Sent: 19

Re: [clamav-users] clamav stops boot

2014-05-02 Thread Douglas Goddard
Can you contact the previous owner and ask them if there is something custom running at boot? Is there anything too important on the computer to do a fresh install? Are you at a terminal prompt, can you type commands? On Fri, May 2, 2014 at 12:07 PM, Gene Heskett ghesk...@wdtv.com wrote: On

Re: [clamav-users] Generating a positive?

2014-04-21 Thread Douglas Goddard
You can also write your own signatures. [PDF] https://github.com/vrtadmin/clamav-devel/raw/master/docs/signatures.pdf On Mon, Apr 21, 2014 at 3:21 PM, Charles Swiger cswi...@mac.com wrote: Hi-- On Apr 21, 2014, at 12:12 PM, Dave Shevett shev...@pobox.com wrote: Hi everyone - we have

Re: [clamav-users] OSX False Positives

2014-02-12 Thread Douglas Goddard
Thanks. These are all mine. I'll drop the FPs right away. On Wed, Feb 12, 2014 at 12:06 AM, Al Varnell alvarn...@mac.com wrote: I very much appreciate the obvious hard work from the signature team in more than doubling the number of OSX signatures in the database today. Unfortunately it

Re: [clamav-users] Possible FP

2014-02-06 Thread Douglas Goddard
Looking at the original file and what was uploaded to VT, this signature is the md5sum of 43180 null bytes. While I would say this is definitely Junk.Corrupted, it's not malicious. I'll drop it. Thanks for the report. On Thu, Feb 6, 2014 at 6:12 AM, Steve Basford steveb_cla...@sanesecurity.com

Re: [clamav-users] Heuristics.Safebrowsing.Suspected false-positive help

2014-01-21 Thread Douglas Goddard
This might help shed some light: https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-safebrowsing.md If you can locate the safebrowsing.cvd on your computer, you can unpack it with sigtool and view the contents. On Tue, Jan 21, 2014 at 1:40 PM, Alex mysqlstud...@gmail.com wrote:

Re: [clamav-users] False Positive not being corrected

2013-12-12 Thread Douglas Goddard
It was an oversight on our end. Thank you for being persistent. The offending bytecode has been dropped and the fixed code has been published. On Thu, Dec 12, 2013 at 4:22 AM, Al Varnell alvarn...@mac.com wrote: On Wed, Dec 11, 2013 at 06:56 AM, Douglas Goddard wrote: When was your last

Re: [clamav-users] False Positive not being corrected

2013-12-11 Thread Douglas Goddard
When was your last signature update? Could you run freshclam and then rescan? That version of the bytecode signature has been dropped and should no longer be alerting, the current version is BC.Exploit.CVE_2013_3906-3. If that version is still alerting after an update then we will do some deeper

Re: [clamav-users] detected zipped exe as virus

2013-09-18 Thread Douglas Goddard
You would put the signature (Ziptest:0:.*\.exe:*:*:*:*:*:*) into the file virusexe.zmd. You can put all your signatures in that file, just put each one on a new line. Then, when you want to scan with it, just use: clamscan -d virusexe.zmd If you would like to scan a specific file or directory,

Re: [clamav-users] detected zipped exe as virus

2013-09-17 Thread Douglas Goddard
You can use a zmd signature detailed in this doc: http://www.clamav.net/doc/latest/signatures.pdf Here is an example signature for detecting files with the .sh extension: Ziptest:0:.*\.sh:*:*:*:*:*:* - Doug On Tue, Sep 17, 2013 at 7:08 AM, Rajesh M 24x7ser...@24x7server.net wrote: hi i

Re: [clamav-users] filename ignore uppercase

2013-09-17 Thread Douglas Goddard
It is a regular expression. So you could replace exe with something like (exe|EXE) to detect both uppercase and lowercase. - Doug On Tue, Sep 17, 2013 at 3:05 PM, Alejandro Rodriguez arodrig...@b2ec.net wrote: How can I ignore uppercase in a filename? Right now I'm using foxhole_all.cdb to
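The three posts above (the Ziptest .zmd lines, the "(exe|EXE)" case trick, and the earlier clamscan-and-PUA replies about dropping signature names into a whitelist.ign file) all turn on how a zip metadata signature is matched against archive member names. The following is an added example, not ClamAV's own code and not code from any post in this thread: a small Python model that parses the nine-field .zmd layout documented in signatures.pdf (virname:encrypted:filename:normal size:csize:crc32:cmethod:fileno:max depth), runs Doug's two Ziptest lines plus two constructed variants against a constructed zip, and models the whitelist step as a name-per-line ignore set. Assumptions, also marked in the code: the filename regex is searched unanchored, fileno is the 1-based member position, max depth is not applied (one top-level archive), and the ignore file is plain signature names; the real engine's rules are in signatures.pdf, so treat this as a way to try regexes, not as a reimplementation of libclamav.

```python
"""Toy model of ClamAV .zmd (zip metadata) signatures.

Added example, not ClamAV's own code: parses the nine-field .zmd layout
(virname:encrypted:filename:normal size:csize:crc32:cmethod:fileno:max depth)
and applies it to members of a constructed zip.  Assumptions: filename regex
is searched unanchored; fileno is the 1-based member position; max depth is
ignored; the ignore list is plain signature names, one per line.
"""
from __future__ import annotations

import io
import re
import zipfile
from dataclasses import dataclass

# Doug's two example lines from the thread, plus constructed variants showing
# the (exe|EXE) and (?i) case handling also discussed there.
ZMD_SIGS = r"""
Ziptest:0:.*\.exe:*:*:*:*:*:*
Ziptest.Shell:0:.*\.sh:*:*:*:*:*:*
Ziptest.AnyCase:0:.*\.(exe|EXE):*:*:*:*:*:*
Zip.Suspect.DoubleExtension.Demo:*:(?i).*\.(doc|pdf|txt)\.(exe|scr):*:*:*:*:*:*
"""


@dataclass(frozen=True)
class Member:
    """One archive member; fields mirror zipfile.ZipInfo."""
    name: str
    encrypted: bool
    size: int       # uncompressed size
    csize: int      # compressed size
    crc32: int
    method: int     # 0 = stored, 8 = deflate
    position: int   # 1-based index in the archive (assumption)


@dataclass(frozen=True)
class ZmdSig:
    """One parsed .zmd line; '*' in any field means "don't care"."""
    name: str
    encrypted: str
    filename: re.Pattern
    size: str
    csize: str
    crc32: str      # written in hex in the signature
    method: str
    fileno: str
    maxdepth: str   # parsed but not applied here

def load_zmd(text: str) -> list[ZmdSig]:
    """Parse .zmd lines; blank lines and '#' comment lines are skipped."""
    sigs = []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 9:
            raise ValueError(f"expected 9 colon-separated fields: {line!r}")
        fields[2] = re.compile(fields[2])
        sigs.append(ZmdSig(*fields))
    return sigs

def load_ignore(text: str) -> frozenset[str]:
    """Signature names to suppress, one per line (modelled whitelist.ign)."""
    names = (l.strip() for l in text.splitlines())
    return frozenset(n for n in names if n and not n.startswith("#"))

def matches(sig: ZmdSig, m: Member) -> bool:
    if sig.filename.search(m.name) is None:   # unanchored search (assumption)
        return False
    checks = [(sig.encrypted, int(m.encrypted), 10), (sig.size, m.size, 10),
              (sig.csize, m.csize, 10), (sig.crc32, m.crc32, 16),
              (sig.method, m.method, 10), (sig.fileno, m.position, 10)]
    return all(f == "*" or int(f, b) == a for f, a, b in checks)

def scan(members: list[Member], sigs: list[ZmdSig],
         ignore: frozenset[str] = frozenset()) -> list[tuple[str, str]]:
    """Return sorted (member, signature) hits, minus ignored signature names."""
    return sorted((m.name, s.name) for m in members for s in sigs
                  if s.name not in ignore and matches(s, m))

def members_from_zip(data: bytes) -> list[Member]:
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [Member(i.filename, bool(i.flag_bits & 0x1), i.file_size,
                       i.compress_size, i.CRC, i.compress_type, n)
                for n, i in enumerate(zf.infolist(), start=1)]

def build_sample_zip() -> bytes:
    """Constructed archive: double-extension names beside harmless ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name in ("invoice.pdf.exe", "setup.EXE", "install.sh",
                     "README.txt", "notes.doc.scr"):
            zf.writestr(name, f"placeholder content for {name}\n")
    return buf.getvalue()

if __name__ == "__main__":
    hits = scan(members_from_zip(build_sample_zip()), load_zmd(ZMD_SIGS))
    for member, sig in hits:
        print(f"{member}: {sig} FOUND")
```

Running it shows why Doug's case-sensitive `.*\.exe` misses setup.EXE while the `(exe|EXE)` variant catches it, and why a loose double-extension regex like the one in the Zip.Suspect line alerts on every .pdf.exe and .doc.scr member; passing load_ignore("Ziptest\n") to scan() reproduces the whitelisting effect the PUA thread describes.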

Re: [clamav-users] Freshclam updates failing

2013-06-24 Thread Douglas Goddard
I often get the locked by another process error when freshclam is running in daemon mode. $ sudo freshclam ERROR: /var/log/clamav/freshclam.log is locked by another process ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log) $ ps aux | grep clam clamav 2733