[Clamav-users] Many Javascript false - positives

2008-04-09 Thread Alexander Siebnich
Hello, we use clamav to scan http - traffic. Since the main.cvd - update we have many false - positives with widespread used js - libs. For example: http://www.cisco.com/swa/j/global.js --> PUA.JS.Packed http://i.dell.com/images/global/js/lib/jquery-1.2.2.js --> PUA.JS.Packed http://www.hp.com

Re: [Clamav-users] Many Javascript false - positives

2008-04-09 Thread Arnaud Jacques
Hi, Le mercredi 9 avril 2008 14:26, Alexander Siebnich a écrit : > Hello, > > we use clamav to scan http - traffic. Since the main.cvd - update we > have many false - positives with widespread used js - libs. > > For example: > http://www.cisco.com/swa/j/global.js > --> PUA.JS.Packed > > http://i.d

Re: [Clamav-users] Many Javascript false - positives

2008-04-09 Thread Alexander Siebnich
Arnaud Jacques schrieb: > At the moment, PUA should not be used in production environment. > See FAQ (http://www.clamav.org/support/faq/) for details. > Thank you for this advice. I just wondered that this problem only occured since the last main.cvd - update, but we can change this. But I hav

Re: [Clamav-users] Many Javascript false - positives

2008-04-09 Thread Henrik K
On Wed, Apr 09, 2008 at 03:26:48PM +0200, Alexander Siebnich wrote: > Arnaud Jacques schrieb: > > At the moment, PUA should not be used in production environment. > > See FAQ (http://www.clamav.org/support/faq/) for details. > > > Thank you for this advice. I just wondered that this problem only

Re: [Clamav-users] Many Javascript false - positives

2008-04-09 Thread aCaB
Henrik K wrote: >> But I have another one, also without PUA ;-) >> http://www.beta.wetter.com/lib/js/1d7c7a52.js --> >> Trojan.Downloader.JS.Agent-2 >> This is also a "ajax - jquery - lib" from a popular, german - website. > > I can confirm too that Trojan.Downloader.JS.Agent-2 (and 1) hit a load

Re: [Clamav-users] Many Javascript false - positives

2008-04-09 Thread Arnaud Jacques
Le mercredi 9 avril 2008 15:26, Alexander Siebnich a écrit : > Arnaud Jacques schrieb: > > At the moment, PUA should not be used in production environment. > > See FAQ (http://www.clamav.org/support/faq/) for details. > > Thank you for this advice. I just wondered that this problem only > occured s

Re: [Clamav-users] Many Javascript false - positives

2008-04-09 Thread Henrik K
On Wed, Apr 09, 2008 at 03:53:16PM +0200, aCaB wrote: > Henrik K wrote: > >> But I have another one, also without PUA ;-) > >> http://www.beta.wetter.com/lib/js/1d7c7a52.js --> > >> Trojan.Downloader.JS.Agent-2 > >> This is also a "ajax - jquery - lib" from a popular, german - website. > > > > I

Re: [Clamav-users] Many Javascript false - positives

2008-04-09 Thread aCaB
Henrik K wrote: > On Wed, Apr 09, 2008 at 03:53:16PM +0200, aCaB wrote: >> Henrik K wrote: But I have another one, also without PUA ;-) http://www.beta.wetter.com/lib/js/1d7c7a52.js --> Trojan.Downloader.JS.Agent-2 This is also a "ajax - jquery - lib" from a popular, german - w

Re: [Clamav-users] Many Javascript false - positives

2008-04-09 Thread Henrik K
On Wed, Apr 09, 2008 at 04:49:17PM +0200, aCaB wrote: > Henrik K wrote: > > On Wed, Apr 09, 2008 at 03:53:16PM +0200, aCaB wrote: > >> Henrik K wrote: > But I have another one, also without PUA ;-) > http://www.beta.wetter.com/lib/js/1d7c7a52.js --> > Trojan.Downloader.JS.Agent-2 >

Re: [Clamav-users] Many Javascript false - positives

2008-04-09 Thread aCaB
Henrik K wrote: > On Wed, Apr 09, 2008 at 04:49:17PM +0200, aCaB wrote: >> Henrik K wrote: >>> On Wed, Apr 09, 2008 at 03:53:16PM +0200, aCaB wrote: Henrik K wrote: >> But I have another one, also without PUA ;-) >> http://www.beta.wetter.com/lib/js/1d7c7a52.js --> >> Trojan.Downl

Re: [Clamav-users] Many Javascript false - positives

2008-04-09 Thread James E. Pratt
> -Original Message- > From: [EMAIL PROTECTED] [mailto:clamav-users- > [EMAIL PROTECTED] On Behalf Of aCaB > Sent: Wednesday, April 09, 2008 11:28 AM > To: ClamAV users ML > Subject: Re: [Clamav-users] Many Javascript false - positives > > Henrik K wrote: > >

Re: [Clamav-users] Many Javascript false - positives

2008-04-09 Thread Dennis Peterson
James E. Pratt wrote: > >>> I can confirm too that Trojan.Downloader.JS.Agent-2 (and 1) hit > a >> load of legitimate sites. > > Hello . I ran into this " Trojan.Downloader.JS.Agent-2" issue yesterday > on our web server. When notified, the webmaster replied with "these are > coming from com

Re: [Clamav-users] Many Javascript false - positives

2008-04-11 Thread Tilman Schmidt
Dennis Peterson schrieb: James E. Pratt wrote: I can confirm too that Trojan.Downloader.JS.Agent-2 (and 1) hit a load of legitimate sites. Hello . I ran into this " Trojan.Downloader.JS.Agent-2" issue yesterday on our web server. When notified, the webmaster replied with "these are coming

Re: [Clamav-users] Many Javascript false - positives

2008-04-11 Thread Dennis Peterson
Tilman Schmidt wrote: > Dennis Peterson schrieb: >> James E. Pratt wrote: >> >>> > I can confirm too that Trojan.Downloader.JS.Agent-2 (and 1) hit >>> a load of legitimate sites. >>> >>> Hello . I ran into this " Trojan.Downloader.JS.Agent-2" issue yesterday >>> on our web server. When

Re: [Clamav-users] Many Javascript false - positives

2008-04-12 Thread G.W. Haywood
Hi there, On Sat, 12 Apr 2008 Dennis Peterson wrote: > [snip] leaves us with no means to evaluate the message further if > ClamAV is to be a go no-go tool. A work-around is to not use ClamAV > as a go no-go tool and evaluate every message further regardless of > the presence of a virus. I'd prefe