Depends on your operating system, but googling “how do I find the md5 of a
file” for your OS should turn up plenty of results.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Sep 11, 2017, at 5:42 PM, Judd Grayzel
<judd_gray...@yahoo.com<mail
You want to submit some false positives to us via the website, followup here
with the md5s of the files you submit, the malware team can take a look.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Sep 11, 2017, at 3:06 PM, Judd Grayzel
<
Reported them to bugzilla?
Sent from my iPhone
On Sep 11, 2017, at 5:35 AM, Mark Allan
<markjal...@gmail.com<mailto:markjal...@gmail.com>> wrote:
On 8 Sep 2017, at 5:32 pm, Joel Esler (jesler)
<jes...@cisco.com<mailto:jes...@cisco.com>> wrote:
We don’t have a slated date yet. We’ve had about 6000 downloads of the beta
package and no reported bugs so far.
So far, so good.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Sep 8, 2017, at 8:20 AM, Vijayakumar U
<vj1...@gmail.com
99.3 is out for beta. Should release September.
Sent from my iPhone
On Aug 31, 2017, at 6:13 PM, Scott Kitterman
> wrote:
Last I recall hearing about the schedule, Cisco said they planned to release in
July. Not sure what the plan is now.
We are currently planning the roadmap for 99.4 and 99.5. So if you have
features for the engine itself we’d love to hear them!
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Aug 31, 2017, at 3:00 PM, Al Varnell
<alvarn...@mac.com<mailto:alvar
Dennis,
The team has been cleaning this up almost all day. Expect the work to continue
for a while.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Aug 30, 2017, at 1:11 PM, Dennis Peterson
<denni...@inetnw.com<mailto:denni...@inetnw.com>
Gene,
Thanks. I’ll give this to the ops team.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Aug 28, 2017, at 2:07 PM, Gene Heskett
<ghesk...@shentel.net<mailto:ghesk...@shentel.net>> wrote:
On Monday 28 August 2017 13:48:32 Joel Es
Hans,
We are aware of this issue, and I have opened a ticket with our operations team.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Aug 30, 2017, at 8:46 AM, MAYER Hans
<hans.ma...@iiasa.ac.at<mailto:hans.ma...@iiasa.ac.at>> wro
As a quick followup to this, we’ve removed all the mirrors in the mirror list
that no longer resolve. Yes, it took us longer than it should have to realize
that this needed to be done, but it’s now done.
Further improvements should continue in the coming days.
--
Joel Esler | Talos: Manager
orward.
Please continue to bear with us a little while longer. They always say things
get worse before they get better. Right now, hopefully, we are at the “worst”
stage.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@
Al —
Thanks for responding. I’m going to write an email in a separate thread, so
that people see it.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Aug 27, 2017, at 4:36 AM, Al Varnell
<alvarn...@mac.com<mailto:alvarn...@mac.com>> w
ervers. However, the reports that we are seeing here, through
social media, and the direct reports via the website are telling us that you
need to delete mirrors.dat and the daily.cld file that are on your systems and
re-run Freshclam.
--
Joel Esler | Talos: Manager | jes...@cisco.com<m
I am discussing this with our team, about how to make this process not suck.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Aug 25, 2017, at 11:01 AM, Dennis Peterson
<denni...@inetnw.com<mailto:denni...@inetnw.com>> wrote:
This is aby
On it
Sent from my iPhone
> On Aug 25, 2017, at 5:14 AM, Paul Dean wrote:
>
> Oh shoot ClamAV ppl, help please...
>
> --
>
>
> Thanks
>
> Paul Dean.
>
> "Life is not WHAT you make it, it's WHO you have in it..."
>
>
> On Fri, 25 Aug 2017 10:47:23 +0200
> maxal
list?
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Aug 23, 2017, at 3:16 PM, Dennis Peterson
<denni...@inetnw.com<mailto:denni...@inetnw.com>> wrote:
After testing several of the DNS round robin aliases I found the
db.ca.clamav.net<ht
in the future.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive
Copy and paste error!
Good catch
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Aug 4, 2017, at 3:09 AM, Matus UHLAR - fantomas
<uh...@fantomas.sk<mailto:uh...@fantomas.sk>> wrote:
On 03.08.17 23:04, Joel Esler (jesler) wrote:
* Depreca
=1' on FreeBSD 10.3 and 11.0
We ask that feedback be provided via the ClamAV mailing
lists<http://www.clamav.net/contact#ml>.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
This should be fixed with the 99.3 release, which should be coming out soon.
--
Joel Esler | Talos: Manager | jes...@cisco.com <mailto:jes...@cisco.com>
> On Jul 28, 2017, at 1:09 AM, Al Varnell <alvarn...@mac.com> wrote:
>
> See if this helps: GPG signature probl
Click on the "lists" link below, and you will find directions for how to do it
yourself.
--
Sent from my iPhone
> On Jul 10, 2017, at 08:30, Walker, Jason T. wrote:
>
> Thanks!
>
All the ones listed in that list are fixed if you are running the current
version.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Jul 3, 2017, at 9:54 AM, Mark Foley
<mfo...@novatec-inc.com<mailto:mfo...@novatec-inc.com>> wrote:
On Sun, 02
Just for the record, I think it's fine that sanesecurity posts are on this
list.
--
Sent from my iPhone
> On Jul 3, 2017, at 07:23, Al Varnell wrote:
>
> None of these are ClamAV files, so you need to take this up with the
>
If you are simply looking for a free antivirus engine for Windows, but also
includes ClamAV, we recommend another product we make called Immunet.
It also contains ClamAV, so you get the best of both worlds, for free.
--
Sent from my iPhone
> On Jul 2, 2017, at 13:10, G.W. Haywood
We no longer host any of the official downloads on Sourceforge. In fact, all
projects that we maintain are moving off of sourceforge.
--
Sent from my iPhone
> On Jul 2, 2017, at 12:14, Andy Schmidt wrote:
>
> Hi David,
>
>>> I recently installed ClamWin (ver
We are currently planning on 0.99.3 coming out near the end of July.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Jun 29, 2017, at 5:10 PM, Al Varnell
<alvarn...@mac.com<mailto:alvarn...@mac.com>> wrote:
CVE-2012-6706 concerns a
Jim,
Thanks. This looks like the vulndev key. The correct key is on the contact
page of Talosintelligence.com.
We'll take a look here.
--
Sent from my iPhone
> On Jun 30, 2017, at 13:46, Jim Michaud wrote:
>
> I just downloaded clamav-0.99.2.tar.gz from
>
Al,
I believe this is caused by another issue that we are working to resolve, one
of our sample indexes is undergoing maintenance. We use this particular index
to look up hashes and sizes for sample conviction. This should be fixed soon.
--
Joel Esler | Talos: Manager | jes...@cisco.com
#1 Correct
#2 It's in my backlog. But there are only so many hours in the day.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Jun 15, 2017, at 6:31 PM, Al Varnell
<alvarn...@mac.com<mailto:alvarn...@mac.com>> wrote:
I am un
I got your post just fine. Maybe just that one recipient.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Jun 15, 2017, at 1:12 PM, Orrick, Diana
<orr...@fsu.edu<mailto:orr...@fsu.edu>> wrote:
I don't know why my post failed fraud detect
Cause you provide five examples? So we can see if it's one particular error?
--
Sent from my iPhone
> On Jun 13, 2017, at 07:02, Paul Moreno <p...@paulmoreno.net> wrote:
>
> There are so many it's proven difficult to recommend the use of ClamAV.
>
>> On 13 Jun 20
Plus reports of those false positives would be fantastic.
--
Sent from my iPhone
> On Jun 13, 2017, at 06:53, Paul Moreno wrote:
>
> Thanks for the responses. As it stands now, the client get massive amounts
> of false positives with seemingly no trigger. I’m working
Thanks Al, there's actually far more than that. Wonder how many signatures I
have written that start with ELF or even APK.
--
Sent from my iPhone
> On Jun 13, 2017, at 06:10, Al Varnell wrote:
>
> Although ClamAV was originally introduced as mail scanner and does have
We are still moving forward. But we are just waking up here in the US.
--
Sent from my iPhone
> On Jun 7, 2017, at 04:35, Andreas Schulze <andreas.schu...@datev.de> wrote:
>
>> Am 17.05.2017 um 16:56 schrieb Joel Esler (jesler):
>> We are currently planning o
I do agree that these features need to be decoupled. We’ve marked that as a
feature we’d like to develop.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Jun 1, 2017, at 2:44 AM, Reindl Harald
<h.rei...@thelounge.net<mailto:h.rei...@thelounge
So is it us that needs to adjust our software for something that PayPal is
doing? Or should PayPal adjust what they are doing?
--
Sent from my iPhone
> On May 31, 2017, at 06:38, Al Varnell wrote:
>
> OK, I managed to clean it up enough and added a fake header so I could
I assume G.W. means “using a URL that looks something like this”:
src="https://102.112.2O7.net/b/ss/paypalglobal/1/G.4--NS/123456?pageName=system_email_PP1814"
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On May 18, 2017, at 1:15 PM, Reindl Har
ClamAV will match on multiple signature types. By default it will only alert
on the first match, but you can configure this differently.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On May 19, 2017, at 12:52 PM, Abdullah AL-Mutairy
<abohabeeb1...@
Yes. We strip attachments.
However, are there samples that are not being caught by the ClamAV ruleset?
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On May 17, 2017, at 6:30 PM, Al Varnell
<alvarn...@mac.com<mailto:alvarn...@mac.com>>
main.cvd will receive a cdiff. So, the size will be considerably smaller than
a full “main” push.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On May 17, 2017, at 10:48 AM, Joel Esler (jesler)
<jes...@cisco.com<mailto:jes...@cisco.com>> w
As always, this will result in a period of heavy downloading following the
release, and lighter loads from smaller "daily" cvds after.
We will post an estimated size in an updated post.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
I will talk to the team internally.
I was going to push the blog post out to the mirrors list and the users
list, but I had people in and out of my office yesterday and didn’t get to it.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On May 17, 2017, a
I am sure I would get violent push back if I did that.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On May 17, 2017, at 7:04 AM, Andreas Schulze
<andreas.schu...@datev.de<mailto:andreas.schu...@datev.de>> wrote:
Am 17.05.2017 um 11:45 sch
: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf
> Of Dennis Peterson
> Sent: Tuesday, May 16, 2017 12:25 PM
> To: ClamAV users ML
> Subject: Re: [clamav-users] Malware/ransomware and Yara signatures with
> clamav
>
> If not email what is the vector?
>
.
This is an ongoing threat.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On May 14, 2017, at 4:28 PM, Cedric Knight
<ced...@gn.apc.org<mailto:ced...@gn.apc.org>> wrote:
On 14/05/17 17:42, G.W. Haywood wrote:
Are clamav users protected fr
ClamAV isn't only used for mail. Clamwin and Immunet client will catch this.
--
Sent from my iPhone
> On May 14, 2017, at 12:42, G.W. Haywood wrote:
>
> Hi there,
>
>> On Sun, 14 May 2017, Alex wrote:
>>
>> Are clamav users protected from this ransomware?
>
>
It’s not that at all. They are working on ClamAV 99.3. I’ll call their
attention to the devel list.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On May 12, 2017, at 2:47 PM, Dennis Peterson
<denni...@inetnw.com<mailto:denni...@inetnw.com>
I thought this was fixed.
--
Sent from my iPhone
> On May 6, 2017, at 14:01, Rudy Stebih wrote:
>
> I filed a bug report for this. Bug #11837
>
> Cheers,
> Rudy
>
>
>> On Wed, May 3, 2017 at 1:25 PM, David Raynor wrote:
>>
>> Bump for
sigs)
The hash based sigs are a method for us to automatically get sigs out right now
instead of later. As we all have other things we are doing.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On May 4, 2017, at 5:57 PM, Benny Pedersen <m...@junc.eu
3rd party signatures distributed by us, are signed.
--
Sent from my iPhone
> On May 4, 2017, at 08:27, Benny Pedersen <m...@junc.eu> wrote:
>
> Joel Esler (jesler) skrev den 2017-05-04 14:19:
>> We'd have to evaluate which feeds would be appropriate for the ClamAV
>
We'd have to evaluate which feeds would be appropriate for the ClamAV Db. The
more coverage the better, with fewest false positives.
--
Sent from my iPhone
> On May 4, 2017, at 08:04, Benny Pedersen <m...@junc.eu> wrote:
>
> Joel Esler (jesler) skrev den 2017-05-04 13:52
We already distribute some third party feeds into the official database, we
have a program for that which can be found on our website.
We would love to incorporate Sanesecurity's feed, all they have to do is give
us the okay to do it.
--
Sent from my iPhone
> On May 4, 2017, at 07:29,
First thing I notice is that you are running two different versions of ClamAV.
--
Sent from my iPhone
> On May 2, 2017, at 20:08, Rafael Ferreira wrote:
>
> Can you tell us which virus you encountered? Also can you validate that the
> file has the same checksum in both
Thanks all for this, it should be fixed now.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On May 1, 2017, at 9:21 AM, Mark Allan
<markjal...@gmail.com<mailto:markjal...@gmail.com>> wrote:
It looks like there's a problem with the DNS text r
I’ve created a ticket for removal for our operations team.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Apr 20, 2017, at 2:48 PM, Ted Hatfield
<t...@io-tx.com<mailto:t...@io-tx.com>> wrote:
On Thu, 20 Apr 2017, Kristen R. wrote:
On 4/20/
Thanks Ted.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Apr 20, 2017, at 2:48 PM, Ted Hatfield
<t...@io-tx.com<mailto:t...@io-tx.com>> wrote:
On Thu, 20 Apr 2017, Kristen R. wrote:
On 4/20/17 7:42 AM, Dennis Peterson wrote:
our false positive system, which
we are continually working on.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Apr 20, 2017, at 12:49 AM, Al Varnell
<alvarn...@mac.com<mailto:alvarn...@mac.com>> wrote:
Benny,
Obviously Joel is in
Are they FPs? Or just alerts?
--
Sent from my iPhone
> On Apr 23, 2017, at 14:17, "ad...@web-envy.com" wrote:
>
> I can confirm that today I did not get any of these FPs, however I am
> getting a bunch of these instead. A lot of them are on older email messages
> that look
Alright all —
I think the conversation and arguing has gone on long enough and we’ve beat not
only the topic to death, but the topics after the topic are now dead.
I’ve received enough complaints at this point to call a truce.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:
9, 2017 8:20 AM
>> To: ClamAV users ML <clamav-users@lists.clamav.net>
>> Subject: Re: [clamav-users] ClamAV for EnterPrise
>>
>> @Joel
>>
>> That Sounds good but ClamAV is OpenSource.. how can we use it in
>> Commercial Product ?
>>
>>>
All --
ClamAV does not have any plans on making an enterprise version or management
console. We make a commercial product for that, which also uses ClamAV in its
engine.
I think that settles the conversation.
--
Sent from my iPhone
> On Apr 19, 2017, at 04:08, Reindl Harald
It's an optimization to how we do deletes on the backend build. Nothing forward
facing.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Apr 17, 2017, at 2:01 PM, Rafael Ferreira
<r...@uvasoftware.com<mailto:r...@uvasoftware.com>> w
for this, all of which require development, time, and bandwidth:
1. Make a new main.cvd and push it out (easiest fix)
2. Optimize how we do deletes
But the beginning of this email is the reason.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Apr 15, 2017, at 11
Wouldn’t all malware be a large risk?
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Apr 14, 2017, at 12:47 AM, crazy thinker
<crazythinke...@gmail.com<mailto:crazythinke...@gmail.com>> wrote:
Hi ClamAV Developers,Users
I know that ClamAV
said in #2.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Apr 12, 2017, at 12:13 PM, crazy thinker
<crazythinke...@gmail.com<mailto:crazythinke...@gmail.com>> wrote:
Hi ClamAV Developer, users
I have below Questions on ClamAV Viru
Why would freshclam not be used?
--
Sent from my iPhone
> On Apr 6, 2017, at 07:36, venkat swaminathan wrote:
>
> Thanks Allan,
> Mentioned below is my current progress.
> all in /tmp/clam folder
>
> sigtool --unpack-current=daily (Unpacked Existing CVD from
Both of these have been marked and should ship in an upcoming CVD.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Apr 2, 2017, at 4:44 PM, Alex
<mysqlstud...@gmail.com<mailto:mysqlstud...@gmail.com>> wrote:
Hi,
I submitted a number of en
This signature has been dropped.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Mar 31, 2017, at 3:44 AM, Arnaud Jacques /
SecuriteInfo.com<http://SecuriteInfo.com>
<webmas...@securiteinfo.com<mailto:webmas...@securiteinfo.com>> wrote
I just added Doc.Dropper.Agent-6136130-0 to the scan system, it should be
published today.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Mar 22, 2017, at 9:43 AM, Alex
<mysqlstud...@gmail.com<mailto:mysqlstud...@gmail.com>> wrote:
Inline.
--
Sent from my iPhone
> On Mar 21, 2017, at 20:27, Alex wrote:
>
> Hi, I reported an encrypted word macro virus this morning, and this
> evening it is still not detected by sanesecurity or clamav proper.
>
> How long does it typically take for a sample to be
On Mar 5, 2017, at 6:01 PM, Benny Pedersen <m...@junc.eu<mailto:m...@junc.eu>>
wrote:
Joel Esler (jesler) skrev den 2017-03-05 13:42:
We make Immunet. It combines a cloud based detection engine with the
offline capability of clamav. It's extremely effective and free.
windo
These come in spurts. When we suddenly get a rash of 50-100 new people on the
list for whatever reason, we get one or two of these.
Part of being a member of a community. It sucks that we have these every now
and again, and it can be annoying, but we just guide them to the exit and call
.
--
Sent from my iPhone
> On Mar 5, 2017, at 22:29, Noel Jones <njo...@megan.vbhcs.org> wrote:
>
>> On 3/5/2017 6:51 AM, Joel Esler (jesler) wrote:
>> The question here is, do we strive to make a package that is installable on
>> more machines, (even ones that ar
wever, since I have asked about AV for windows which is all except that
> free
> and user privacy friendly, I can take a look at immunet.
> Can you tell me if immunet uses ads, adware and something similar?
>
> Thank you
>
>
>> Messaggio originale
>> Da:
interested in people's feedback, as right now, this thread seems to
be about 50/50 (in requiring pcre 7)
--
Sent from my iPhone
> On Mar 5, 2017, at 06:39, Ned Slider <n...@unixmail.co.uk> wrote:
>
>> On 04/03/17 22:54, Joel Esler (jesler) wrote:
>> We cannot be tied
We make Immunet. It combines a cloud based detection engine with the offline
capability of clamav. It's extremely effective and free.
--
Sent from my iPhone
> On Mar 5, 2017, at 05:46, "erotavlas_tu...@libero.it"
> wrote:
>
> Hi,
> whenever it is possible, I
We cannot be tied to distribution support problems.
--
Sent from my iPhone
> On Mar 4, 2017, at 17:44, Benny Pedersen wrote:
>
> Leonardo Rodrigues skrev den 2017-03-04 23:12:
>> is clamav a redhat product ?!?! I don't think so. That being said, i
>> see absolutely no point at
the future, or would it simply
> disable pcre support in previous version of clamd that have not been upgraded?
>
> Thanks,
>
> Chris
>
>> On 3/3/2017 6:13 PM, Joel Esler (jesler) wrote:
>> A new daily with the Sig dropped.
>>
>> Probably what we will do to
A new daily with the Sig dropped.
Probably what we will do to prevent this from happening again, is to have
0.99.3 (the upcoming version) require pcre 7.
How does that sound?
--
Sent from my iPhone
> On Mar 3, 2017, at 18:08, Chris Conn wrote:
>
> Hello,
>
> I hope you
wrote:
On 21/01/2017 18:44, Joel Esler (jesler) wrote:
If you are so unhappy, why are you on the list?
Please remain constructive and help out the community.
--
Sent from my iPhone
He asked:
" I just wanted to ask you whether I can be sure, or should worry; I would
--
Sent from my iPhone
> On Jan 21, 2017, at 11:16 AM, Alain Zidouemba
> wrote:
>
> Antonio,
>
> Unfortunately, I can't find any record of us having ever published
> Win.Trojan.Agent-18112140.
> Could the name of the signature that caused the FP be slightly
Groach
--
Sent from my iPhone
> On Jan 21, 2017, at 10:43 AM, Groach
> wrote:
>
> I would put my house on that it was a false positive 100%. Reasons for
> saying so:
>
> 1, It was a windows installation CD
> 2, Its a file nearly 20 years old
> 3,
Are you using the most updated version of the tool? It should work.
--
Sent from my iPhone
> On Jan 11, 2017, at 11:07 AM, Tim Tepatti wrote:
>
> Hello,
>
> I recently started using ClamAV and have a small database of virus samples
> on my computer. I noticed that when
What about on-access scanning ClamAV for Linux?
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Jan 8, 2017, at 11:25 AM, Groach
<groachmail-stopspammin...@yahoo.com<mailto:groachmail-stopspammin...@yahoo.com>>
wrote:
What you are talking a
http://blog.talosintel.com/2017/01/grizzly-steppe.html
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Jan 5, 2017, at 11:40 AM, Joel Esler (jesler)
<jes...@cisco.com<mailto:jes...@cisco.com>> wrote:
AMP has far more coverage than ClamAV
I’d have to check, I am not sure we retain those. I don’t think they are
available publicly anywhere either.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Jan 5, 2017, at 1:39 PM, Michael Howard
<mhow...@cra.com<mailto:mhow...@cra.com>
AMP has far more coverage than ClamAV. As the coverage can be generated much
more quickly and without a DB to download, it happens in real time.
As far as coverage for ClamAV, and Alain can correct me if I am wrong, I
believe coverage has been pushed out.
--
Joel Esler | Talos: Manager | jes
Where did you send them?
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Jan 4, 2017, at 7:12 PM, TR Shaw <ts...@oitc.com<mailto:ts...@oitc.com>>
wrote:
I have offered sigs to ClamAV official but have heard nothing back yet.
On Jan 4, 2017
Because the address is bugzilla.clamav.net.
This will be fixed by removing the bugs.clamav.net dns entry. But I don't
want to remove it until the links inside the tarball + any documentation has
been adjusted to say bugzilla.
--
Sent from my iPhone
> On Dec 29, 2016, at 10:05 AM, Benny
We are showing that all Toa signatures have been dropped. Please run freshclam
to drop the sigs.
--
Sent from my iPhone
> On Dec 29, 2016, at 8:03 AM, Joel Esler (jesler) <jes...@cisco.com> wrote:
>
> I'm not dismissing anything. (Except the notion that I am dismissing thin
I'm not dismissing anything. (Except the notion that I am dismissing things).
I know one of our guys is monitoring the list during the holiday. I'll ping
him.
--
Sent from my iPhone
> On Dec 29, 2016, at 7:07 AM, Groach
> wrote:
>
>> On 29/12/2016
Alex,
Regarding the ticket and confirmation piece, we are working on that.
--
Sent from my iPhone
> On Dec 27, 2016, at 8:21 PM, Alex wrote:
>
> Hi,
>
> I submitted a false-negative a few days ago and it still is not
> detected after the most recent update. It
Are you able to submit the files via the website?
--
Sent from my Apple Watch
On Dec 27, 2016, at 3:08 PM, Adnan de Castro Donato
wrote:
>
> In keeping with one false positive reports
> I have 8 CentOS servers report below after Signatures Published daily - 22782
I believe that signature has been dropped.
--
Sent from my iPhone
> On Dec 26, 2016, at 11:08 PM, Christian Balzer <ch...@gol.com> wrote:
>
>
> Hello,
>
>> On Tue, 27 Dec 2016 03:06:31 + Joel Esler (jesler) wrote:
>>
>> We QA against thousands of
We QA against thousands of clean files for each signature. But we don't have a
copy of every foe in the world to QA against.
When people send in false positives, if we determine them to be actually clean,
we add them to the FP farm as well. That's why FPs are important to send in,
not just
The 0.97.x tree is EOL:
http://blog.clamav.net/2016/05/clamav-097-engine-end-of-life.html
I recommend upgrading to a newer version.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Dec 19, 2016, at 6:56 PM, Tsutomu Oyamada
<oyam...@promar
This is probably found exclusively in an enterprise system.
We have it in our AMP product that we sell (which uses ClamAV as one of its
engines), but I am not aware of any free enterprise management of AV software.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.
File types are based upon their contents. Not their extensions.
--
Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
On Dec 12, 2016, at 11:43 AM, TR Shaw <ts...@oitc.com<mailto:ts...@oitc.com>>
wrote:
How does ClamAV decide to unpack an attachme
ClamAV is not the only project we run. When you all (or we) discover an issue,
I take that information, file a ticket with our operations team, and the issues
are resolved as we get to them, just like any other infrastructure. Not only
do we run ClamAV, but we run Snort, and entire Talos
Throughout the years of the project we've had many people say they want to do
this, but I've never heard of anyone that actually has.
--
Sent from my iPhone
> On Dec 10, 2016, at 12:14 PM, crazy thinker wrote:
>
> Hi All,
>
> i have installed remix os on personal