Re: [clamav-users] CVE-2017-11241 - Synology DIskStation AV Essentials

2017-09-12 Thread Joel Esler (jesler)
Depends on your operating system, but googling “how do I find the md5 of a file” for your OS should turn up plenty of results. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Sep 11, 2017, at 5:42 PM, Judd Grayzel <judd_gray...@yahoo.com<mail

Re: [clamav-users] CVE-2017-11241 - Synology DIskStation AV Essentials

2017-09-11 Thread Joel Esler (jesler)
You want to submit some false positives to us via the website, follow up here with the md5s of the files you submit, the malware team can take a look. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Sep 11, 2017, at 3:06 PM, Judd Grayzel <

Re: [clamav-users] Signatures in md5sum not in sha256sum

2017-09-11 Thread Joel Esler (jesler)
Reported them to bugzilla? Sent from my iPhone On Sep 11, 2017, at 5:35 AM, Mark Allan <markjal...@gmail.com<mailto:markjal...@gmail.com>> wrote: On 8 Sep 2017, at 5:32 pm, Joel Esler (jesler) <jes...@cisco.com<mailto:jes...@cisco.com>> wrote: We don't have a sla

Re: [clamav-users] Signatures in md5sum not in sha256sum

2017-09-08 Thread Joel Esler (jesler)
We don’t have a slated date yet. We’ve had about 6000 downloads of the beta package and no reported bugs so far. So far, so good. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Sep 8, 2017, at 8:20 AM, Vijayakumar U <vj1...@gmail.com

Re: [clamav-users] When and what version will next release be?

2017-08-31 Thread Joel Esler (jesler)
99.3 is out for beta. Should release September. Sent from my iPhone On Aug 31, 2017, at 6:13 PM, Scott Kitterman > wrote: Last I recall hearing about the schedule, Cisco said they planned to release in July. Not sure what the plan is now.

Re: [clamav-users] When and what version will next release be?

2017-08-31 Thread Joel Esler (jesler)
We are currently planning the roadmap for 99.4 and 99.5. So if you have features for the engine itself we’d love to hear them! -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Aug 31, 2017, at 3:00 PM, Al Varnell <alvarn...@mac.com<mailto:alvar

Re: [clamav-users] Mirror issues and what we are doing to fix it

2017-08-30 Thread Joel Esler (jesler)
Dennis, The team has been cleaning this up almost all day. Expect the work to continue for awhile. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Aug 30, 2017, at 1:11 PM, Dennis Peterson <denni...@inetnw.com<mailto:denni...@inetnw.com>

Re: [clamav-users] Mirror issues and what we are doing to fix it

2017-08-30 Thread Joel Esler (jesler)
Gene, Thanks. I’ll give this to the ops team. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Aug 28, 2017, at 2:07 PM, Gene Heskett <ghesk...@shentel.net<mailto:ghesk...@shentel.net>> wrote: On Monday 28 August 2017 13:48:32 Joel Es

Re: [clamav-users] DNS issue: there is a loop

2017-08-30 Thread Joel Esler (jesler)
Hans, We are aware of this issue, and I have opened a ticket with our operations team. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Aug 30, 2017, at 8:46 AM, MAYER Hans <hans.ma...@iiasa.ac.at<mailto:hans.ma...@iiasa.ac.at>> wro

Re: [clamav-users] Mirror issues and what we are doing to fix it

2017-08-28 Thread Joel Esler (jesler)
As a quick followup to this, we’ve removed all the mirrors in the mirror list that no longer resolve. Yes, it took us longer than it should have to realize that this needed to be done, but it’s now done. Further improvements should continue in the coming days. -- Joel Esler | Talos: Manager

[clamav-users] Mirror issues and what we are doing to fix it

2017-08-28 Thread Joel Esler (jesler)
orward. Please continue to bear with us a little while longer. They always say things get worse before they get better. Right now, hopefully, we are at the “worst” stage. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@

Re: [clamav-users] Freshclam failure - Still ongoing???

2017-08-28 Thread Joel Esler (jesler)
Al — Thanks for responding. I’m going to write an email in a separate thread, so that people see it. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Aug 27, 2017, at 4:36 AM, Al Varnell <alvarn...@mac.com<mailto:alvarn...@mac.com>> w

Re: [clamav-users] Freshclam failure - Still ongoing???

2017-08-25 Thread Joel Esler (jesler)
ervers. However, the reports that we are seeing here, through social media, and the direct reports via the website are telling us that you need to delete mirrors.dat and the daily.cld file that are on your systems and re-run Freshclam. -- Joel Esler | Talos: Manager | jes...@cisco.com<m

Re: [clamav-users] Freshclam failure - Still ongoing???

2017-08-25 Thread Joel Esler (jesler)
I am discussing this with our team, about how to make this process not suck. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Aug 25, 2017, at 11:01 AM, Dennis Peterson <denni...@inetnw.com<mailto:denni...@inetnw.com>> wrote: This is aby

Re: [clamav-users] Freshclam failure - Still ongoing???

2017-08-25 Thread Joel Esler (jesler)
On it Sent from my iPhone > On Aug 25, 2017, at 5:14 AM, Paul Dean wrote: > > Oh shoot ClamAV ppl, help please... > > -- > > > Thanks > > Paul Dean. > > "Life is not WHAT you make it, it's WHO you have in it..." > > > On Fri, 25 Aug 2017 10:47:23 +0200 > maxal

Re: [clamav-users] Unable to download database

2017-08-23 Thread Joel Esler (jesler)
list? -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Aug 23, 2017, at 3:16 PM, Dennis Peterson <denni...@inetnw.com<mailto:denni...@inetnw.com>> wrote: After testing several of the DNS round robin aliases I found the db.ca.clamav.net<ht

[clamav-users] CVD Download issues for August 23, 2017

2017-08-23 Thread Joel Esler (jesler)
in the future. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive

Re: [clamav-users] ClamAV® blog: ClamAV 0.99.3 beta has been released!

2017-08-04 Thread Joel Esler (jesler)
Copy and paste error! Good catch -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Aug 4, 2017, at 3:09 AM, Matus UHLAR - fantomas <uh...@fantomas.sk<mailto:uh...@fantomas.sk>> wrote: On 03.08.17 23:04, Joel Esler (jesler) wrote: * Depreca

[clamav-users] ClamAV® blog: ClamAV 0.99.3 beta has been released!

2017-08-03 Thread Joel Esler (jesler)
=1' on FreeBSD 10.3 and 11.0 We ask that feedback be provided via the ClamAV mailing lists<http://www.clamav.net/contact#ml>. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> ___ clamav-users mai

Re: [clamav-users] Verify Integrity of ClamAV Sources: Unable to find Sourcefire VRT key

2017-07-28 Thread Joel Esler (jesler)
This should be fixed with the 99.3 release, which should be coming out soon. -- Joel Esler | Talos: Manager | jes...@cisco.com <mailto:jes...@cisco.com> > On Jul 28, 2017, at 1:09 AM, Al Varnell <alvarn...@mac.com> wrote: > > See if this helps: GPG signature probl

Re: [clamav-users] Please remove me

2017-07-10 Thread Joel Esler (jesler)
Click on the "lists" link below, and you will find directions for how to do it yourself. -- Sent from my iPhone > On Jul 10, 2017, at 08:30, Walker, Jason T. wrote: > > Thanks! > ___ > clamav-users mailing list >

Re: [clamav-users] New ClamAV update?

2017-07-03 Thread Joel Esler (jesler)
All the ones listed in that list are fixed if you are running the current version. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Jul 3, 2017, at 9:54 AM, Mark Foley <mfo...@novatec-inc.com<mailto:mfo...@novatec-inc.com>> wrote: On Sun, 02

Re: [clamav-users] sanesecurity: Permission denied

2017-07-03 Thread Joel Esler (jesler)
Just for the record, I think it's fine that sanesecurity posts are on this list. -- Sent from my iPhone > On Jul 3, 2017, at 07:23, Al Varnell wrote: > > None of these are ClamAV files, so you need to take this up with the >

Re: [clamav-users] clamav-0.99.2 Installation

2017-07-02 Thread Joel Esler (jesler)
If you are simply looking for a free antivirus engine for Windows, but also includes ClamAV, we recommend another product we make called Immunet. It also contains ClamAV, so you get the best of both worlds, for free. -- Sent from my iPhone > On Jul 2, 2017, at 13:10, G.W. Haywood

Re: [clamav-users] clamav-0.99.2 Installation

2017-07-02 Thread Joel Esler (jesler)
We no longer host any of the official downloads on Sourceforge. In fact, all projects that we maintain are moving off of sourceforge. -- Sent from my iPhone > On Jul 2, 2017, at 12:14, Andy Schmidt wrote: > > Hi David, > >>> I recently installed ClamWin (ver

Re: [clamav-users] New ClamAV update?

2017-07-01 Thread Joel Esler (jesler)
We are currently planning on 0.99.3 coming out near the end of July. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Jun 29, 2017, at 5:10 PM, Al Varnell <alvarn...@mac.com<mailto:alvarn...@mac.com>> wrote: CVE-2012-6706 concerns a

Re: [clamav-users] GPG signature problem with clamav-0.99.2.tar.gz

2017-06-30 Thread Joel Esler (jesler)
Jim, Thanks. This looks like the vulndev key. The correct key is on the contact page of Talosintelligence.com. We'll take a look here. -- Sent from my iPhone > On Jun 30, 2017, at 13:46, Jim Michaud wrote: > > I just downloaded clamav-0.99.2.tar.gz from >

Re: [clamav-users] Automated Signature Production

2017-06-19 Thread Joel Esler (jesler)
Al, I believe this is caused by another issue that we are working to resolve, one of our sample indexes is undergoing maintenance. We use this particular index to look up hashes and sizes for sample conviction. This should be fixed soon. -- Joel Esler | Talos: Manager | jes...@cisco.com

Re: [clamav-users] issues with mirror - 194.186.47.19

2017-06-15 Thread Joel Esler (jesler)
#1 Correct #2 It's in my backlog. But there are only so many hours in the day. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Jun 15, 2017, at 6:31 PM, Al Varnell <alvarn...@mac.com<mailto:alvarn...@mac.com>> wrote: I am un

Re: [clamav-users] issues with mirror - 194.186.47.19

2017-06-15 Thread Joel Esler (jesler)
I got your post just fine. Maybe just that one recipient. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Jun 15, 2017, at 1:12 PM, Orrick, Diana <orr...@fsu.edu<mailto:orr...@fsu.edu>> wrote: I don't know why my post failed fraud detect

Re: [clamav-users] Use on linux operating systems

2017-06-13 Thread Joel Esler (jesler)
Cause you provide five examples? So we can see if it's one particular error? -- Sent from my iPhone > On Jun 13, 2017, at 07:02, Paul Moreno <p...@paulmoreno.net> wrote: > > There are so many it's proven difficult to recommend the use of ClamAV. > >> On 13 Jun 20

Re: [clamav-users] Use on linux operating systems

2017-06-13 Thread Joel Esler (jesler)
Plus reports of those false positives would be fantastic. -- Sent from my iPhone > On Jun 13, 2017, at 06:53, Paul Moreno wrote: > > Thanks for the responses. As it stands now, the client get massive amounts > of false positives with seemingly no trigger. I’m working

Re: [clamav-users] Use on linux operating systems

2017-06-13 Thread Joel Esler (jesler)
Thanks Al, there's actually far more than that. Wonder how many signatures I have written that start with ELF or even APK. -- Sent from my iPhone > On Jun 13, 2017, at 06:10, Al Varnell wrote: > > Although ClamAV was originally introduced as mail scanner and does have

Re: [clamav-users] ClamAV® blog: ClamAV will be publishing a new Main.cvd on Wednesday, June 7th, 2017

2017-06-07 Thread Joel Esler (jesler)
We are still moving forward. But we are just waking up here in the US. -- Sent from my iPhone > On Jun 7, 2017, at 04:35, Andreas Schulze <andreas.schu...@datev.de> wrote: > >> Am 17.05.2017 um 16:56 schrieb Joel Esler (jesler): >> We are currently planning o

Re: [clamav-users] clamav-users Digest, Vol 150, Issue 19

2017-06-01 Thread Joel Esler (jesler)
I do agree that these features need to be decoupled. We’ve marked that as a feature we’d like to develop. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Jun 1, 2017, at 2:44 AM, Reindl Harald <h.rei...@thelounge.net<mailto:h.rei...@thelounge

Re: [clamav-users] clamav-users Digest, Vol 150, Issue 19

2017-05-31 Thread Joel Esler (jesler)
So is it us that needs to adjust our software for something that PayPal is doing? Or should PayPal adjust what they are doing? -- Sent from my iPhone > On May 31, 2017, at 06:38, Al Varnell wrote: > > OK, I managed to clean it up enough and added a fake header so I could

Re: [clamav-users] Mail from Paypal wrongly identified as phishing by ClamAv

2017-05-19 Thread Joel Esler (jesler)
I assume G.W. means “using a URL that looks like something this”: src="https://102.112.2O7.net/b/ss/paypalglobal/1/G.4--NS/123456?pageName=system_email_PP1814” -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On May 18, 2017, at 1:15 PM, Reindl Har

Re: [clamav-users] about signature matching process

2017-05-19 Thread Joel Esler (jesler)
ClamAV will match on multiple signature types. By default it will only alert on the first match, but you can configure this differently. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On May 19, 2017, at 12:52 PM, Abdullah AL-Mutairy <abohabeeb1...@

Re: [clamav-users] WannaCry Homeland Security yara script. False positives?

2017-05-17 Thread Joel Esler (jesler)
Yes. We strip attachments. However, are there samples that are not being caught by the ClamAV ruleset? -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On May 17, 2017, at 6:30 PM, Al Varnell <alvarn...@mac.com<mailto:alvarn...@mac.com>>

Re: [clamav-users] New Main.cvd coming

2017-05-17 Thread Joel Esler (jesler)
main.cvd will receive a cdiff. So, the size will be considerably smaller than a full “main” push. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On May 17, 2017, at 10:48 AM, Joel Esler (jesler) <jes...@cisco.com<mailto:jes...@cisco.com>> w

[clamav-users] ClamAV® blog: ClamAV will be publishing a new Main.cvd on Wednesday, June 7th, 2017

2017-05-17 Thread Joel Esler (jesler)
As always, this will result in a period of heavy downloading following the release, and lighter loads from smaller "daily" cvds after. We will post an estimated size in an updated post. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>

Re: [clamav-users] New Main.cvd coming

2017-05-17 Thread Joel Esler (jesler)
I will talk to the team internally. I was going to push the blog post out to the mirrors list and the users list, but I had people in and out of my office yesterday and didn’t get to it. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On May 17, 2017, a

Re: [clamav-users] New Main.cvd coming

2017-05-17 Thread Joel Esler (jesler)
I am sure I would get violent push back if I did that. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On May 17, 2017, at 7:04 AM, Andreas Schulze <andreas.schu...@datev.de<mailto:andreas.schu...@datev.de>> wrote: Am 17.05.2017 um 11:45 sch

Re: [clamav-users] Malware/ransomware and Yara signatures with clamav

2017-05-16 Thread Joel Esler (jesler)
: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf > Of Dennis Peterson > Sent: Tuesday, May 16, 2017 12:25 PM > To: ClamAV users ML > Subject: Re: [clamav-users] Malware/ransomware and Yara signatures with > clamav > > If not email what is the vector? >

Re: [clamav-users] Malware/ransomware and Yara signatures with clamav

2017-05-15 Thread Joel Esler (jesler)
. This is an ongoing threat. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On May 14, 2017, at 4:28 PM, Cedric Knight <ced...@gn.apc.org<mailto:ced...@gn.apc.org>> wrote: On 14/05/17 17:42, G.W. Haywood wrote: Are clamav users protected fr

Re: [clamav-users] Malware/ransomware and Yara signatures with clamav

2017-05-14 Thread Joel Esler (jesler)
ClamAV isn't only used for mail. Clamwin and Immunet client will catch this. -- Sent from my iPhone > On May 14, 2017, at 12:42, G.W. Haywood wrote: > > Hi there, > >> On Sun, 14 May 2017, Alex wrote: >> >> Are clamav users protected from this ransomware? > >

Re: [clamav-users] Question about ClamScan

2017-05-12 Thread Joel Esler (jesler)
It’s not that at all. They are working on ClamAV 99.3. I’ll call their attention to the devel list. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On May 12, 2017, at 2:47 PM, Dennis Peterson <denni...@inetnw.com<mailto:denni...@inetnw.com>

Re: [clamav-users] LibClamAV Warning

2017-05-06 Thread Joel Esler (jesler)
I thought this was fixed. -- Sent from my iPhone > On May 6, 2017, at 14:01, Rudy Stebih wrote: > > I filed a bug report for this. Bug #11837 > > Cheers, > Rudy > > >> On Wed, May 3, 2017 at 1:25 PM, David Raynor wrote: >> >> Bump for

Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Joel Esler (jesler)
sigs) The hash based sigs are a method for us to automatically get sigs out right now instead of later. As we all have other things we are doing. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On May 4, 2017, at 5:57 PM, Benny Pedersen <m...@junc.eu

Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Joel Esler (jesler)
3rd party signatures distributed by us, are signed. -- Sent from my iPhone > On May 4, 2017, at 08:27, Benny Pedersen <m...@junc.eu> wrote: > > Joel Esler (jesler) skrev den 2017-05-04 14:19: >> We'd have to evaluate which feeds would be appropriate for the ClamAV >

Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Joel Esler (jesler)
We'd have to evaluate which feeds would be appropriate for the ClamAV Db. The more coverage the better, with fewest false positives. -- Sent from my iPhone > On May 4, 2017, at 08:04, Benny Pedersen <m...@junc.eu> wrote: > > Joel Esler (jesler) skrev den 2017-05-04 13:52

Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Joel Esler (jesler)
We already distribute some third party feeds into the official database, we have a program for that which can be found on our website. We would love to incorporate Sanesecurity's feed, all they have to do is give us the okay to do it. -- Sent from my iPhone > On May 4, 2017, at 07:29,

Re: [clamav-users] Different results: Clamscan vs ClamWin

2017-05-02 Thread Joel Esler (jesler)
First thing I notice is that you are running two different versions of ClamAV. -- Sent from my iPhone > On May 2, 2017, at 20:08, Rafael Ferreira wrote: > > Can you tell us which virus you encountered? Also can you validate that the > file has the same checksum in both

Re: [clamav-users] No Signature updates for 30 hours?

2017-05-01 Thread Joel Esler (jesler)
Thanks all for this, it should be fixed now. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On May 1, 2017, at 9:21 AM, Mark Allan <markjal...@gmail.com<mailto:markjal...@gmail.com>> wrote: It looks like there's a problem with the DNS text r

Re: [clamav-users] Mirror problem

2017-04-24 Thread Joel Esler (jesler)
I’ve created a ticket for removal for our operations team. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Apr 20, 2017, at 2:48 PM, Ted Hatfield <t...@io-tx.com<mailto:t...@io-tx.com>> wrote: On Thu, 20 Apr 2017, Kristen R. wrote: On 4/20/

Re: [clamav-users] Mirror problem

2017-04-24 Thread Joel Esler (jesler)
Thanks Ted. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Apr 20, 2017, at 2:48 PM, Ted Hatfield <t...@io-tx.com<mailto:t...@io-tx.com>> wrote: On Thu, 20 Apr 2017, Kristen R. wrote: On 4/20/17 7:42 AM, Dennis Peterson wrote:

Re: [clamav-users] ClamAV for EnterPrise

2017-04-24 Thread Joel Esler (jesler)
our false positive system, which we are continually working on. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Apr 20, 2017, at 12:49 AM, Al Varnell <alvarn...@mac.com<mailto:alvarn...@mac.com>> wrote: Benny, Obviously Joel is in

Re: [clamav-users] Another possible FP?

2017-04-23 Thread Joel Esler (jesler)
Are they FPs? Or just alerts? -- Sent from my iPhone > On Apr 23, 2017, at 14:17, "ad...@web-envy.com" wrote: > > I can confirm that today I did not get any of these FPs, however I am > getting a bunch of these instead. A lot of them are on older email messages > that look

Re: [clamav-users] ClamAV for EnterPrise

2017-04-19 Thread Joel Esler (jesler)
Alright all — I think the conversation and arguing has gone on long enough and we’ve beat not only the topic to death, but the topics after the topic are now dead. I’ve received enough complaints at this point to call a truce. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:

Re: [clamav-users] ClamAV for EnterPrise

2017-04-19 Thread Joel Esler (jesler)
9, 2017 8:20 AM >> To: ClamAV users ML <clamav-users@lists.clamav.net> >> Subject: Re: [clamav-users] ClamAV for EnterPrise >> >> @Joel >> >> That Sounds good but ClamAV is OpenSource.. how can we use it in >> Commercial Product ? >> >>>

Re: [clamav-users] ClamAV for EnterPrise

2017-04-19 Thread Joel Esler (jesler)
All -- ClamAV does not have any plans on making an enterprise version or management console. We make a commercial product for that, which also uses ClamAV in its engine. I think that settles the conversation. -- Sent from my iPhone > On Apr 19, 2017, at 04:08, Reindl Harald

Re: [clamav-users] Sporadic signature frequency

2017-04-17 Thread Joel Esler (jesler)
It's an optimization to how we do deletes on the backend build. Nothing forward facing. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Apr 17, 2017, at 2:01 PM, Rafael Ferreira <r...@uvasoftware.com<mailto:r...@uvasoftware.com>> w

Re: [clamav-users] Sporadic signature frequency

2017-04-17 Thread Joel Esler (jesler)
for this, all of which require development, time, and bandwidth: 1. Make a new main.cvd and push it out (easiest fix) 2. Optimize how we do deletes But the beginning of this email is the reason. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Apr 15, 2017, at 11

Re: [clamav-users] Identify Threat Risk Level with ClamAV

2017-04-14 Thread Joel Esler (jesler)
Wouldn’t all malware be a large risk? -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Apr 14, 2017, at 12:47 AM, crazy thinker <crazythinke...@gmail.com<mailto:crazythinke...@gmail.com>> wrote: Hi ClamAV Developers,Users I know that ClamAV

Re: [clamav-users] Question about .cvd files

2017-04-12 Thread Joel Esler (jesler)
said in #2. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Apr 12, 2017, at 12:13 PM, crazy thinker <crazythinke...@gmail.com<mailto:crazythinke...@gmail.com>> wrote: Hi ClamAV Developer, users I have below Questions on ClamAV Viru

Re: [clamav-users] Manual cdiff update procedure

2017-04-06 Thread Joel Esler (jesler)
Why would freshclam not be used? -- Sent from my iPhone > On Apr 6, 2017, at 07:36, venkat swaminathan wrote: > > Thanks Allan, > Mentioned below is my current progress. > all in /tmp/clam folder > > sigtool --unpack-current=daily (Unpacked Existing CVD from

Re: [clamav-users] Reporting malware/false negatives

2017-04-03 Thread Joel Esler (jesler)
Both of these have been marked and should ship in an upcoming CVD. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Apr 2, 2017, at 4:44 PM, Alex <mysqlstud...@gmail.com<mailto:mysqlstud...@gmail.com>> wrote: Hi, I submitted a number of en

Re: [clamav-users] False Positive of IObit product by ClamAV

2017-03-31 Thread Joel Esler (jesler)
This signature has been dropped. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Mar 31, 2017, at 3:44 AM, Arnaud Jacques / SecuriteInfo.com<http://SecuriteInfo.com> <webmas...@securiteinfo.com<mailto:webmas...@securiteinfo.com>> wrote

Re: [clamav-users] Reporting malware/false negatives

2017-03-22 Thread Joel Esler (jesler)
I just added Doc.Dropper.Agent-6136130-0 to the scan system, it should be published today. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Mar 22, 2017, at 9:43 AM, Alex <mysqlstud...@gmail.com<mailto:mysqlstud...@gmail.com>> wrote:

Re: [clamav-users] Reporting malware/false negatives

2017-03-21 Thread Joel Esler (jesler)
Inline. -- Sent from my iPhone > On Mar 21, 2017, at 20:27, Alex wrote: > > Hi, I reported an encrypted word macro virus this morning, and this > evening it is still not detected by sanesecurity or clamav proper. > > How long does it typically take for a sample to be

Re: [clamav-users] ClamAV for windows: GUI and chocolatey package

2017-03-13 Thread Joel Esler (jesler)
\ On Mar 5, 2017, at 6:01 PM, Benny Pedersen <m...@junc.eu<mailto:m...@junc.eu>> wrote: Joel Esler (jesler) skrev den 2017-03-05 13:42: We make Immunet. It combines a cloud based detection engine with the offline capability of clamav. It's extremely effective and free. windo

Re: [clamav-users] (no subject)

2017-03-09 Thread Joel Esler (jesler)
These come in spurts. When we suddenly get a rash of 50-100 new people on the list for whatever reason, we get one or two of these. Part of being a member of a community. It sucks that we have these every now and again, and it can be annoying, but we just guide them to the exit and call

Re: [clamav-users] Daily 23161 broke Clam

2017-03-06 Thread Joel Esler (jesler)
. -- Sent from my iPhone > On Mar 5, 2017, at 22:29, Noel Jones <njo...@megan.vbhcs.org> wrote: > >> On 3/5/2017 6:51 AM, Joel Esler (jesler) wrote: >> The question here is, do we strive to make a package that is installable on >> more machines, (even ones that ar

Re: [clamav-users] R: Re: R: Re: ClamAV for windows: GUI and chocolatey package

2017-03-05 Thread Joel Esler (jesler)
wever, since I have asked about AV for windows which is all except that > free > and user privacy friendly, I can take a look at immunet. > Can you tell me if immunet uses ads, adware and something similar? > > Thank you > > >> Messaggio originale >> Da:

Re: [clamav-users] Daily 23161 broke Clam

2017-03-05 Thread Joel Esler (jesler)
interested in people's feedback, as right now, this thread seems to be about 50/50 (in requiring pcre 7) -- Sent from my iPhone > On Mar 5, 2017, at 06:39, Ned Slider <n...@unixmail.co.uk> wrote: > >> On 04/03/17 22:54, Joel Esler (jesler) wrote: >> We cannot be tied

Re: [clamav-users] R: Re: ClamAV for windows: GUI and chocolatey package

2017-03-05 Thread Joel Esler (jesler)
We make Immunet. It combines a cloud based detection engine with the offline capability of clamav. It's extremely effective and free. -- Sent from my iPhone > On Mar 5, 2017, at 05:46, "erotavlas_tu...@libero.it" > wrote: > > Hi, > whenever it is possible, I

Re: [clamav-users] Daily 23161 broke Clam

2017-03-04 Thread Joel Esler (jesler)
We cannot be tied to distribution support problems. -- Sent from my iPhone > On Mar 4, 2017, at 17:44, Benny Pedersen wrote: > > Leonardo Rodrigues skrev den 2017-03-04 23:12: >> is clamav a redhat product ?!?! I don't think so. That being said, i >> see absolutely no point at

Re: [clamav-users] Daily 23161 broke Clam

2017-03-03 Thread Joel Esler (jesler)
the future, or would it simply > disable pcre support in previous version of clamd that have not been upgraded? > > Thanks, > > Chris > >> On 3/3/2017 6:13 PM, Joel Esler (jesler) wrote: >> A new daily with the Sig dropped. >> >> Probably what we will do to

Re: [clamav-users] Daily 23161 broke Clam

2017-03-03 Thread Joel Esler (jesler)
A new daily with the Sig dropped. Probably what we will do to prevent this from happening again, is to have 0.99.3 (the upcoming version) require pcre 7. How does that sound? -- Sent from my iPhone > On Mar 3, 2017, at 18:08, Chris Conn wrote: > > Hello, > > I hope you

Re: [clamav-users] Potentially False Positive, but I lost the file!

2017-01-21 Thread Joel Esler (jesler)
> wrote: On 21/01/2017 18:44, Joel Esler (jesler) wrote: If you are so unhappy, why are you on the list? Please remain constructive and help out the community. -- Sent from my iPhone He asked: " I just wanted to ask you whether I can be sure, or should worry; I would

Re: [clamav-users] Potentially False Positive, but I lost the file!

2017-01-21 Thread Joel Esler (jesler)
-- Sent from my iPhone > On Jan 21, 2017, at 11:16 AM, Alain Zidouemba > wrote: > > Antonio, > > Unfortunately, I can't find any record of us having ever published > Win.Trojan.Agent-18112140. > Could the name of the signature that caused the FP be slightly

Re: [clamav-users] Potentially False Positive, but I lost the file!

2017-01-21 Thread Joel Esler (jesler)
Groach -- Sent from my iPhone > On Jan 21, 2017, at 10:43 AM, Groach > wrote: > > I would put my house on that it was a false positive 100%. Reasons for > saying so: > > 1, It was a windows installation CD > 2, Its a file nearly 20 years old > 3,

Re: [clamav-users] Submitting False Negatives

2017-01-11 Thread Joel Esler (jesler)
Are you using the most updated version of the tool? It should work. -- Sent from my iPhone > On Jan 11, 2017, at 11:07 AM, Tim Tepatti wrote: > > Hello, > > I recently started using ClamAV and have a small database of virus samples > on my computer. I noticed that when

Re: [clamav-users] Clam AV Integration with Thunderbird

2017-01-08 Thread Joel Esler (jesler)
What about on-access scanning ClamAV for Linux? -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Jan 8, 2017, at 11:25 AM, Groach <groachmail-stopspammin...@yahoo.com<mailto:groachmail-stopspammin...@yahoo.com>> wrote: What you are talking a

Re: [clamav-users] Grizzly Steppe

2017-01-06 Thread Joel Esler (jesler)
http://blog.talosintel.com/2017/01/grizzly-steppe.html -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Jan 5, 2017, at 11:40 AM, Joel Esler (jesler) <jes...@cisco.com<mailto:jes...@cisco.com>> wrote: AMP has far more coverage than ClamAV

Re: [clamav-users] Old virus databases?

2017-01-05 Thread Joel Esler (jesler)
I’d have to check, I am not sure we retain those. I don’t think they are available publicly anywhere either. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Jan 5, 2017, at 1:39 PM, Michael Howard <mhow...@cra.com<mailto:mhow...@cra.com>

Re: [clamav-users] Grizzly Steppe

2017-01-05 Thread Joel Esler (jesler)
AMP has far more coverage than ClamAV. As the coverage can be generated much more quickly and without a DB to download, it happens in real time. As far as coverage for ClamAV, and Alain can correct me if I am wrong, I believe coverage has been pushed out. -- Joel Esler | Talos: Manager | jes

Re: [clamav-users] Grizzly Steppe

2017-01-05 Thread Joel Esler (jesler)
Where did you send them? -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Jan 4, 2017, at 7:12 PM, TR Shaw <ts...@oitc.com<mailto:ts...@oitc.com>> wrote: I have offered sigs to ClamAV official but have heard nothing back yet. On Jan 4, 2017

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Joel Esler (jesler)
Because the address is bugzilla.clamav.net. This will be fixed by removing the bugs.clamav.net dns entry. But I don't want to remove it until the links inside the tarball + any documentation has been adjusted to say bugzilla. -- Sent from my iPhone > On Dec 29, 2016, at 10:05 AM, Benny

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Joel Esler (jesler)
We are showing that all Toa signatures have been dropped. Please run freshclam to drop the sigs. -- Sent from my iPhone > On Dec 29, 2016, at 8:03 AM, Joel Esler (jesler) <jes...@cisco.com> wrote: > > I'm not dismissing anything. (Except the notion that I am dismissing thin

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Joel Esler (jesler)
I'm not dismissing anything. (Except the notion that I am dismissing things). I know one of our guys is monitoring the list during the holiday. I'll ping him. -- Sent from my iPhone > On Dec 29, 2016, at 7:07 AM, Groach > wrote: > >> On 29/12/2016

Re: [clamav-users] Submitted false-negative still not detected

2016-12-27 Thread Joel Esler (jesler)
Alex, Regarding the ticket and confirmation piece, we are working on that. -- Sent from my iPhone > On Dec 27, 2016, at 8:21 PM, Alex wrote: > > Hi, > > I submitted a false-negative a few days ago and it still is not > detected after the most recent update. It

Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

2016-12-27 Thread Joel Esler (jesler)
Are you able to submit the files via the website? -- Sent from my Apple Watch On Dec 27, 2016, at 3:08 PM, Adnan de Castro Donato wrote: > > In keeping with one false positive reports > I have 8 CentOS servers report below after Signatures Published daily - 22782

Re: [clamav-users] Probable False Positive - OpenJDK-1.8 nashorn.jar : Win.Trojan.Toa-5370166-0

2016-12-26 Thread Joel Esler (jesler)
I believe that signature has been dropped. -- Sent from my iPhone > On Dec 26, 2016, at 11:08 PM, Christian Balzer <ch...@gol.com> wrote: > > > Hello, > >> On Tue, 27 Dec 2016 03:06:31 + Joel Esler (jesler) wrote: >> >> We QA against thousands of

Re: [clamav-users] Probable False Positive - OpenJDK-1.8 nashorn.jar : Win.Trojan.Toa-5370166-0

2016-12-26 Thread Joel Esler (jesler)
We QA against thousands of clean files for each signature. But we don't have a copy of every file in the world to QA against. When people send in false positives, if we determine them to be actually clean, we add them to the FP farm as well. That's why FPs are important to send in, not just

Re: [clamav-users] the problem of endless loop

2016-12-20 Thread Joel Esler (jesler)
The 0.97.x tree is EOL: http://blog.clamav.net/2016/05/clamav-097-engine-end-of-life.html I recommend upgrading to a newer version. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Dec 19, 2016, at 6:56 PM, Tsutomu Oyamada <oyam...@promar

Re: [clamav-users] Central management server?

2016-12-14 Thread Joel Esler (jesler)
This is probably found exclusively in an enterprise system. We have it in our AMP product that we sell (which uses ClamAV as one of its engines), but I am not aware of any free enterprise management of AV software. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.

Re: [clamav-users] Question on attachments

2016-12-12 Thread Joel Esler (jesler)
File types are based upon their contents. Not their extensions. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Dec 12, 2016, at 11:43 AM, TR Shaw <ts...@oitc.com<mailto:ts...@oitc.com>> wrote: How does ClamAV decide to unpack an attachme

Re: [clamav-users] bugzilla security certificate

2016-12-11 Thread Joel Esler (jesler)
ClamAV is not the only project we run. When you all (or we) discover an issue, I take that information, file a ticket with our operations team, and the issues are resolved as we get to them, just like any other infrastructure. Not only do we run ClamAV, but we run Snort, and entire Talos

Re: [clamav-users] Building ClamAV for Android PC

2016-12-10 Thread Joel Esler (jesler)
Throughout the years of the project we've had many people say they want to do this, but I've never heard of anyone that actually has. -- Sent from my iPhone > On Dec 10, 2016, at 12:14 PM, crazy thinker wrote: > > Hi All, > > i have installed remix os on personal
