> On 2009-09-24 16:01, Jari Fredriksson wrote:
>>> Hello Jari,
>>>
>>>
clamav NOW detects that even without pua, things
updated. But the older DHL-invoices. No. Not even with
detect-pua=yes.
>>> what does the form answer you when you try to submit it?
>>> It should reject it
At 9:53 AM -0400 9/24/09, Tom Shaw wrote:
At 2:19 PM +0100 9/24/09, Steve Basford wrote:
> Yeah, we already know that. Can you please cut&paste the full message
returned by the form? Thanks,
Hi Luca,
I've *just* uploaded 4 copies of the dhl invoice malware that have been
missed by up-to-da
At 2:19 PM +0100 9/24/09, Steve Basford wrote:
> Yeah, we already know that. Can you please cut&paste the full message
returned by the form? Thanks,
Hi Luca,
I've *just* uploaded 4 copies of the dhl invoice malware that have been
missed by up-to-date official sigs.
These were blocked using
> Yeah, we already know that. Can you please cut&paste the full message
> returned by the form? Thanks,
Hi Luca,
I've *just* uploaded 4 copies of the dhl invoice malware that have been
missed by up-to-date official sigs.
These were blocked using Sanesecurity.Malware.12505.UNOFFICIAL.
Hope it h
Hello Jari,
> >> clamav NOW detects that even without pua, things updated.
> >> But the older DHL-invoices. No. Not even with
> >> detect-pua=yes.
> > what does the form answer you when you try to submit it?
> > It should reject it with a message.
> > That message can help us to track down the i
On 2009-09-24 16:01, Jari Fredriksson wrote:
>> Hello Jari,
>>
>>
>>> clamav NOW detects that even without pua, things updated.
>>> But the older DHL-invoices. No. Not even with
>>> detect-pua=yes.
>>>
>> what does the form answer you when you try to submit it?
>> It should reject it w
> Hello Jari,
>
>> clamav NOW detects that even without pua, things updated.
>> But the older DHL-invoices. No. Not even with
>> detect-pua=yes.
>
> what does the form answer you when you try to submit it?
> It should reject it with a message.
>
> That message can help us to track down the issu
Hello Jari,
> clamav NOW detects that even without pua, things updated.
> But the older DHL-invoices. No. Not even with detect-pua=yes.
what does the form answer you when you try to submit it? It should
reject it with a message.
That message can help us to track down the issue.
Best regards
-
>> Seems to work. I just got this:
>>
>> --
>> A virus was found: W32/Downldr3.GW
>>
>> Banned name: .exe,.exe-ms,open.exe
>> Scanners detecting a virus: F-PROT Antivirus for UNIX,
>> BitDefender
>>
>> Content type: Virus
>> Internal reference
On 2009-09-24 01:02, Jari Fredriksson wrote:
>> I am a tad confused about your reporting comment as the
>> clamav web reporting mechanism works fine at least for me
>> and you can also
>> report via virustotal as well.
>>
>> Anyway glad you're happy with your config.
>>
>> Tom
>>
>> btw it's winnow a
> I am a tad confused about your reporting comment as the
> clamav web reporting mechanism works fine at least for me
> and you can also
> report via virustotal as well.
>
> Anyway glad you're happy with your config.
>
> Tom
>
> btw it's winnow as in to remove the wheat from the chaff
> and has
>
> Jari Fredriksson wrote:
>
>> I give rat's ass to WinNow. If I would have been
>> interested in SaneSecurity or WinNow I would have
>> installed those again, and tested with them.
>>
>
> Don't let it fall through the cracks that people here are
> trying to help you.
>
Of course, just like I
At 12:20 AM +0300 9/24/09, Jari Fredriksson wrote:
>>
This is what I found about Phishing and Heuristics.
Dangerous? When I review the quarantine anyway.
No more than sanesecurity rules and a lot more than my
winnow_malware.hdb which would have caught your virus.
Point being you might jus
Jari Fredriksson wrote:
I give rat's ass to WinNow. If I would have been interested in SaneSecurity
or WinNow I would have installed those again, and tested with them.
Don't let it fall through the cracks that people here are trying to help you.
dp
___
>>
>> This is what I found about Phishing and Heuristics.
>> Dangerous? When I review the quarantine anyway.
>
> No more than sanesecurity rules and a lot more than my
> winnow_malware.hdb which would have caught your virus.
>
> Point being you might just want to consider what you have
> running..
At 11:31 PM +0300 9/23/09, Jari Fredriksson wrote:
> At 10:39 PM +0300 9/23/09, Jari Fredriksson wrote:
>>
I don't run ClamAV via SpamAssassin. I have it called
by amavisd-new, which does what it does: quarantine.
Sure hope you're not using heuristics, phishing and/or
safebrowsing op
> At 10:39 PM +0300 9/23/09, Jari Fredriksson wrote:
>> >>
I don't run ClamAV via SpamAssassin. I have it called
by amavisd-new, which does what it does: quarantine.
>>>
>>> Sure hope you're not using heuristics, phishing and/or
>>> safebrowsing options in ClamAV if you feel that way.
At 10:42 PM +0300 9/23/09, Jari Fredriksson wrote:
> On Wed, Sep 23, 2009 at 08:11:41PM +0300, Jari
Fredriksson wrote:
Ehm, were you scoring SaneSecurity hits like one is
supposed to, or just plain rejecting with them? Sounds
like the latter.
I don't run ClamAV via SpamAssassin. I hav
At 10:39 PM +0300 9/23/09, Jari Fredriksson wrote:
>>
I don't run ClamAV via SpamAssassin. I have it called by
amavisd-new, which does what it does: quarantine.
Sure hope you're not using heuristics, phishing and/or
safebrowsing options in ClamAV if you feel that way.
I use amavisd-new d
> On Wed, Sep 23, 2009 at 08:11:41PM +0300, Jari
> Fredriksson wrote:
>>>
>>> Ehm, were you scoring SaneSecurity hits like one is
>>> supposed to, or just plain rejecting with them? Sounds
>>> like the latter.
>>>
>>
>> I don't run ClamAV via SpamAssassin. I have it called by
>> amavisd-new, wh
>>
>> I don't run ClamAV via SpamAssassin. I have it called by
>> amavisd-new, which does what it does: quarantine.
>
> Sure hope you're not using heuristics, phishing and/or
> safebrowsing options in ClamAV if you feel that way.
>
I use amavisd-new default options, have not touched those.
Anywa
Jari Fredriksson wrote:
I have not tried virustotal.
I have the zip file and the extracted exe as well on disk, and clamscan does
NOT detect it.
I have F-Prot and BitDefender in my amavisd-new as well, and I have no problems detecting these.
The point in this post is that ClamAV website
At 8:11 PM +0300 9/23/09, Jari Fredriksson wrote:
> On Wed, Sep 23, 2009 at 07:07:53PM +0300, Jari
Fredriksson wrote:
Jari Fredriksson wrote:
Then I decided SaneSecurity is not worth it, as
SpamAssassin catches those too, and has less false
positives.
SaneSecurity triggers way too of
On Wed, Sep 23, 2009 at 08:11:41PM +0300, Jari Fredriksson wrote:
> >
> > Ehm, were you scoring SaneSecurity hits like one is
> > supposed to, or just plain rejecting with them? Sounds
> > like the latter.
> >
>
> I don't run ClamAV via SpamAssassin. I have it called by amavisd-new,
> which doe
> On Wed, Sep 23, 2009 at 07:07:53PM +0300, Jari
> Fredriksson wrote:
>>> Jari Fredriksson wrote:
>>>
Then I decided SaneSecurity is not worth it, as
SpamAssassin catches those too, and has less false
positives.
SaneSecurity triggers way too often when some dumb us
On Wed, Sep 23, 2009 at 07:07:53PM +0300, Jari Fredriksson wrote:
> > Jari Fredriksson wrote:
> >
> >>
> >> Then I decided SaneSecurity is not worth it, as
> >> SpamAssassin catches those too, and has less false
> >> positives.
> >>
> >> SaneSecurity triggers way too often when some dumb user
>
> Jari Fredriksson wrote:
>
>>
>> Then I decided SaneSecurity is not worth it, as
>> SpamAssassin catches those too, and has less false
>> positives.
>>
>> SaneSecurity triggers way too often when some dumb user
>> pastes a spam into his mail, or some robot sends a
>> bounce with an attachment.
Jari Fredriksson wrote:
Then I decided SaneSecurity is not worth it, as SpamAssassin catches those
too, and has less false positives.
SaneSecurity triggers way too often when some dumb user pastes a spam into
his mail, or some robot sends a bounce with an attachment. I do not want to
report th
>> I get lots of 'invoices' from DHL containing a zipped
>> trojan. F-Prot recognizes them as Win32/Bredolab!Generic
>> but ClamAV does not.
>
> Hi,
>
> Just in case this helps block them... I've been detecting
> these for a while if it's the same sort of fake invoices
> I've been receiving here,
>> -Original Message-
>> From: clamav-users-boun...@lists.clamav.net
>> [mailto:clamav-users- boun...@lists.clamav.net] On
>> Behalf Of Jari Fredriksson
>> Sent: Wednesday, September 23, 2009 9:14 AM
>> To: ClamAV Users
>> Subject: [Clamav-us
At 3:09 PM +0100 9/23/09, Steve Basford wrote:
>
I get lots of 'invoices' from DHL containing a zipped trojan. F-Prot
recognizes them as Win32/Bredolab!Generic but ClamAV does not.
Hi,
Just in case this helps block them... I've been detecting these for a
while if it's the same sort of fake
>
> I get lots of 'invoices' from DHL containing a zipped trojan. F-Prot
> recognizes them as Win32/Bredolab!Generic but ClamAV does not.
Hi,
Just in case this helps block them... I've been detecting these for a
while if it's the same sort of fake invoices I've been receiving here,
using the Sanes
> -Original Message-
> From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users-
> boun...@lists.clamav.net] On Behalf Of Jari Fredriksson
> Sent: Wednesday, September 23, 2009 9:14 AM
> To: ClamAV Users
> Subject: [Clamav-users] DHL invoices
>
>
> I
I get lots of 'invoices' from DHL containing a zipped trojan. F-Prot recognizes
them as Win32/Bredolab!Generic but ClamAV does not.
I tried to post one to ClamAV site, but it was said to be recognized already.
I have
ClamAV 0.95.2/9826/Wed Sep 23 14:06:01 2009
main.cvd is up to date