Hello,
we use clamav to scan http - traffic. Since the main.cvd - update we
have many false - positives with widespread used js - libs.
For example:
http://www.cisco.com/swa/j/global.js
--> PUA.JS.Packed
http://i.dell.com/images/global/js/lib/jquery-1.2.2.js
--> PUA.JS.Packed
http://www.hp.com
Hi,
Le mercredi 9 avril 2008 14:26, Alexander Siebnich a écrit :
> Hello,
>
> we use clamav to scan http - traffic. Since the main.cvd - update we
> have many false - positives with widespread used js - libs.
>
> For example:
> http://www.cisco.com/swa/j/global.js
> --> PUA.JS.Packed
>
> http://i.d
Arnaud Jacques schrieb:
> At the moment, PUA should not be used in production environment.
> See FAQ (http://www.clamav.org/support/faq/) for details.
>
Thank you for this advice. I just wondered that this problem only
occured since the last main.cvd - update, but we can change this.
But I hav
On Wed, Apr 09, 2008 at 03:26:48PM +0200, Alexander Siebnich wrote:
> Arnaud Jacques schrieb:
> > At the moment, PUA should not be used in production environment.
> > See FAQ (http://www.clamav.org/support/faq/) for details.
> >
> Thank you for this advice. I just wondered that this problem only
Henrik K wrote:
>> But I have another one, also without PUA ;-)
>> http://www.beta.wetter.com/lib/js/1d7c7a52.js -->
>> Trojan.Downloader.JS.Agent-2
>> This is also a "ajax - jquery - lib" from a popular, german - website.
>
> I can confirm too that Trojan.Downloader.JS.Agent-2 (and 1) hit a load
Le mercredi 9 avril 2008 15:26, Alexander Siebnich a écrit :
> Arnaud Jacques schrieb:
> > At the moment, PUA should not be used in production environment.
> > See FAQ (http://www.clamav.org/support/faq/) for details.
>
> Thank you for this advice. I just wondered that this problem only
> occured s
On Wed, Apr 09, 2008 at 03:53:16PM +0200, aCaB wrote:
> Henrik K wrote:
> >> But I have another one, also without PUA ;-)
> >> http://www.beta.wetter.com/lib/js/1d7c7a52.js -->
> >> Trojan.Downloader.JS.Agent-2
> >> This is also a "ajax - jquery - lib" from a popular, german - website.
> >
> > I
Henrik K wrote:
> On Wed, Apr 09, 2008 at 03:53:16PM +0200, aCaB wrote:
>> Henrik K wrote:
But I have another one, also without PUA ;-)
http://www.beta.wetter.com/lib/js/1d7c7a52.js -->
Trojan.Downloader.JS.Agent-2
This is also a "ajax - jquery - lib" from a popular, german - w
On Wed, Apr 09, 2008 at 04:49:17PM +0200, aCaB wrote:
> Henrik K wrote:
> > On Wed, Apr 09, 2008 at 03:53:16PM +0200, aCaB wrote:
> >> Henrik K wrote:
> But I have another one, also without PUA ;-)
> http://www.beta.wetter.com/lib/js/1d7c7a52.js -->
> Trojan.Downloader.JS.Agent-2
>
Henrik K wrote:
> On Wed, Apr 09, 2008 at 04:49:17PM +0200, aCaB wrote:
>> Henrik K wrote:
>>> On Wed, Apr 09, 2008 at 03:53:16PM +0200, aCaB wrote:
Henrik K wrote:
>> But I have another one, also without PUA ;-)
>> http://www.beta.wetter.com/lib/js/1d7c7a52.js -->
>> Trojan.Downl
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:clamav-users-
> [EMAIL PROTECTED] On Behalf Of aCaB
> Sent: Wednesday, April 09, 2008 11:28 AM
> To: ClamAV users ML
> Subject: Re: [Clamav-users] Many Javascript false - positives
>
> Henrik K wrote:
> >
James E. Pratt wrote:
>
>>> I can confirm too that Trojan.Downloader.JS.Agent-2 (and 1) hit
> a
>> load of legitimate sites.
>
> Hello . I ran into this " Trojan.Downloader.JS.Agent-2" issue yesterday
> on our web server. When notified, the webmaster replied with "these are
> coming from com
Dennis Peterson schrieb:
James E. Pratt wrote:
I can confirm too that Trojan.Downloader.JS.Agent-2 (and 1) hit
a
load of legitimate sites.
Hello . I ran into this " Trojan.Downloader.JS.Agent-2" issue yesterday
on our web server. When notified, the webmaster replied with "these are
coming
Tilman Schmidt wrote:
> Dennis Peterson schrieb:
>> James E. Pratt wrote:
>>
>>>
> I can confirm too that Trojan.Downloader.JS.Agent-2 (and 1) hit
>>> a
load of legitimate sites.
>>>
>>> Hello . I ran into this " Trojan.Downloader.JS.Agent-2" issue yesterday
>>> on our web server. When
Hi there,
On Sat, 12 Apr 2008 Dennis Peterson wrote:
> [snip] leaves us with no means to evaluate the message further if
> ClamAV is to be a go no-go tool. A work-around is to not use ClamAV
> as a go no-go tool and evaluate every message further regardless of
> the presence of a virus. I'd prefe
15 matches
Mail list logo