On Mon, 18 Oct 2004, Trog wrote:
On Mon, 2004-10-18 at 15:40, Brian Morrison wrote:
On Mon, 18 Oct 2004 11:22:01 +0200 Tomasz Kojm <[EMAIL PROTECTED]> wrote:
For those running 0.80rc4 or 0.80 final, you can catch all jpeg
exploits with the following signature (add it to a local.ndb file
in your dat
On Mon, 2004-10-18 at 15:40, Brian Morrison wrote:
> On Mon, 18 Oct 2004 11:22:01 +0200 in
> [EMAIL PROTECTED] Tomasz Kojm <[EMAIL PROTECTED]>
> wrote:
>
> > > > For those running 0.80rc4 or 0.80 final, you can catch all jpeg
> > > > exploits with the following signature (add it to a local.ndb f
On Mon, 18 Oct 2004 11:22:01 +0200 in
[EMAIL PROTECTED] Tomasz Kojm <[EMAIL PROTECTED]>
wrote:
> > > For those running 0.80rc4 or 0.80 final, you can catch all jpeg
> > > exploits with the following signature (add it to a local.ndb file
> > > in your database directory):
> > >
> > > Exploit.
On Mon, 18 Oct 2004 04:41:36 +0200
Tomasz Kojm <[EMAIL PROTECTED]> wrote:
> On Sun, 17 Oct 2004 21:36:22 -0500 (CDT)
> Damian Menscher <[EMAIL PROTECTED]> wrote:
>
> > On Sun, 17 Oct 2004, Tomasz Kojm wrote:
> > > On Sun, 17 Oct 2004 14:54:07 +0100 "Steve Basford"
> > > <[EMAIL PROTECTED]> wrote:
Bogusław Brandys wrote:
Steve Basford wrote:
Just use http://www.virustotal.com/ - excellent resource for scanning
suspicious files with multiple engines at once. As mentioned in the
They did not catch it!!!
http://www.virustotal.com/flash/respuesta_sav/resultado?d5384ab0cdf6100f509aecf95454fe
Tomasz Kojm wrote:
b) VirusTotal's site has a more up to date version of ClamAV, using
the builds from here (now and again):
http://www.sosdg.org/clamav-win32/index.php
I don't think so, it seems they're using ClamWin.
Yes, all AV products in VirusTotal are Windows based, that is why we
u
On Sun, 17 Oct 2004, D Walsh wrote:
On Oct 17, 2004, at 22:49, Tomasz Kojm wrote:
On Sun, 17 Oct 2004 21:36:22 -0500 (CDT)
Damian Menscher <[EMAIL PROTECTED]> wrote:
For those running 0.80rc4 or 0.80 final, you can catch all jpeg
exploits with the following signature (add it to a local.ndb file in
On Oct 17, 2004, at 22:49, Tomasz Kojm wrote:
On Sun, 17 Oct 2004 21:36:22 -0500 (CDT)
Damian Menscher <[EMAIL PROTECTED]> wrote:
For those running 0.80rc4 or 0.80 final, you can catch all jpeg
exploits with the following signature (add it to a local.ndb file in
your database directory):
Exploit.JP
On Sun, 17 Oct 2004 21:36:22 -0500 (CDT)
Damian Menscher <[EMAIL PROTECTED]> wrote:
> For those running 0.80rc4 or 0.80 final, you can catch all jpeg
> exploits with the following signature (add it to a local.ndb file in
> your database directory):
>
> Exploit.JPEG.Comment.FalsePos:5:0:ffd8ff
Te
On Sun, 17 Oct 2004 21:36:22 -0500 (CDT)
Damian Menscher <[EMAIL PROTECTED]> wrote:
> On Sun, 17 Oct 2004, Tomasz Kojm wrote:
> > On Sun, 17 Oct 2004 14:54:07 +0100 "Steve Basford"
> > <[EMAIL PROTECTED]> wrote:
> >
> > > Can someone test ClamAV with these files:
> > > http://www.hiddenbit.org/de
On Sun, 17 Oct 2004, Tomasz Kojm wrote:
On Sun, 17 Oct 2004 14:54:07 +0100 "Steve Basford" <[EMAIL PROTECTED]> wrote:
> Can someone test ClamAV with these files:
> http://www.hiddenbit.org/demo_files/jpeg.zip
ClamAV is technically prepared to catch those files but they require
more generic signatur
On 10/17/2004 10:14 PM +0200, Steve Basford wrote:
Thanks Jotti ! Really awesome site ! Good work!
It's a very useful site, along with VirusTotal's site.
Before I go anymore off-topic, just two points to note:
a) Jotii isn't running the very lastest CVS version, he will only
run the lastest STABL
On Sun, 17 Oct 2004 21:14:00 +0100
"Steve Basford" <[EMAIL PROTECTED]> wrote:
> b) VirusTotal's site has a more up to date version of ClamAV, using
> the builds from here (now and again):
> http://www.sosdg.org/clamav-win32/index.php
I don't think so, it seems they're using ClamWin.
--
oo
Thanks Jotti ! Really awesome site ! Good work!
It's a very useful site, along with VirusTotal's site.
Before I go anymore off-topic, just two points to note:
a) Jotii isn't running the very lastest CVS version, he will only
run the lastest STABLE version, so it won't cope too well with the .CAB/U
Steve Basford wrote:
Just use http://www.virustotal.com/ - excellent resource for scanning
suspicious files with multiple engines at once. As mentioned in the
Thanks all for the checking... as a extra site to bookmark, this site is
good too:
http://virusscan.jotti.dhs.org/ ( Jotti's malware sc
Just use http://www.virustotal.com/ - excellent resource for scanning
suspicious files with multiple engines at once. As mentioned in the
Thanks all for the checking... as a extra site to bookmark, this site is
good too:
http://virusscan.jotti.dhs.org/ ( Jotti's malware scan: samples are added
Hi,
Vernon A. Fort wrote:
Vernon A. Fort wrote:
Steve Basford wrote:
Hi,
Can someone test ClamAV with these files:
http://www.hiddenbit.org/demo_files/jpeg.zip
Source:
http://lists.netsys.com/pipermail/full-disclosure/2004-October/027530.html
Cheers,
Steve
___
> Tested with McAfee uvscan, Avgscan, clamscan. Only uvscan detected a
> virus
>
>Found the Exploit-MS04-028 trojan !!!
>
> I also have sophos but not currently installed. I tested both on the
> uncompress zip and uncompressed. Again, only McAcee Uvscan detected
> anything.
>
> Vernon
Just
Vernon A. Fort wrote:
Steve Basford wrote:
Hi,
Can someone test ClamAV with these files:
http://www.hiddenbit.org/demo_files/jpeg.zip
Source:
http://lists.netsys.com/pipermail/full-disclosure/2004-October/027530.html
Cheers,
Steve
___
http://lists.clam
Steve Basford wrote:
Hi,
Can someone test ClamAV with these files:
http://www.hiddenbit.org/demo_files/jpeg.zip
Source:
http://lists.netsys.com/pipermail/full-disclosure/2004-October/027530.html
Cheers,
Steve
___
http://lists.clamav.net/cgi-bin/mailman
On Sun, 17 Oct 2004 14:54:07 +0100
"Steve Basford" <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Can someone test ClamAV with these files:
>
> http://www.hiddenbit.org/demo_files/jpeg.zip
ClamAV is technically prepared to catch those files but they require
more generic signatures that can produce false
On Sun, 17 Oct 2004, Steve Basford wrote:
> Hi,
>
> Can someone test ClamAV with these files:
>
> http://www.hiddenbit.org/demo_files/jpeg.zip
[westnet]:~$ clamdscan - http://www.westnet.com/
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav
Hi,
Can someone test ClamAV with these files:
http://www.hiddenbit.org/demo_files/jpeg.zip
Source:
http://lists.netsys.com/pipermail/full-disclosure/2004-October/027530.html
Cheers,
Steve
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-use
23 matches
Mail list logo