Re: [clamav-users] Email.Phishing.DblDom-60 -- issue

2016-04-02 Thread Andrew McGlashan
Hi Al,

On 3/04/2016 11:17 AM, Al Varnell wrote:
> sigtool --find Email.Phishing.DblDom-60 | sigtool --decode-sig

Thanks, that helps. It sure looks like I need to disable that one, due to the data in my logs containing named directories from rsync output with that string.

Kind Regards
AndrewM

Re: [clamav-users] Email.Phishing.DblDom-60 -- issue

2016-04-02 Thread Andrew McGlashan
Hi Alain,

[sorry, I didn't realize we have Al and Alain]

On 3/04/2016 12:59 PM, Al Varnell wrote:
> Sorry, I should have added:
>
> sigtool --version /usr/local/clamXav/share/clamav/
> ClamAV 0.99.1/21484/Fri Apr 1 13:09:25 2016

After update to 7.10 (Wheezy latest) and with wheezy-updates in

Re: [clamav-users] Email.Phishing.DblDom-60 -- issue

2016-04-02 Thread Andrew McGlashan
Hi Al,

On 3/04/2016 12:34 PM, Alain Zidouemba wrote:
> Are you up to date with your signatures? Email.Phishing.DblDom-60 was
> removed on 4/1/2016.

Okay, using older Wheezy, not yet updated to 7.10 ... that will probably update things.

[doing the update to 7.10 now]

Also added in missing

Re: [clamav-users] Email.Phishing.DblDom-60 -- issue

2016-04-02 Thread Al Varnell
Sorry, I should have added:

sigtool --version /usr/local/clamXav/share/clamav/
ClamAV 0.99.1/21484/Fri Apr 1 13:09:25 2016

-Al-

On Sat, Apr 02, 2016 at 07:55 PM, Al Varnell wrote:
>
> Alain,
>
> I seem to be up-to-date with daily:21484 from yesterday and I’m still seeing
> it:
>
> host -t

Re: [clamav-users] Email.Phishing.DblDom-60 -- issue

2016-04-02 Thread Al Varnell
Alain,

I seem to be up-to-date with daily:21484 from yesterday and I’m still seeing it:

host -t txt current.cvd.clamav.net
current.cvd.clamav.net descriptive text "0.99.1:57:21484:1459646940:1:63:44502:275"

sigtool --find Email.Phishing.DblDom-60
[main.ndb]

Re: [clamav-users] Email.Phishing.DblDom-60 -- issue

2016-04-02 Thread Alain Zidouemba
Andrew:

Are you up to date with your signatures? Email.Phishing.DblDom-60 was removed on 4/1/2016.

FYI:

$ echo -n 'Email.Phishing.DblDom-60:4:*:2f2e70617970616c2e636f6d' | sigtool --decode-sigs
VIRUS NAME: Email.Phishing.DblDom-60
TARGET TYPE: MAIL
OFFSET: *
DECODED SIGNATURE:

Re: [clamav-users] Email.Phishing.DblDom-60 -- issue

2016-04-02 Thread Al Varnell
I was suggesting that you submit the log file as an FP.

It contains a partial URL and if I post it here then this e-mail will be reported as infected. You can see it for yourself by running the following:

sigtool --find Email.Phishing.DblDom-60 | sigtool --decode-sig

-Al-

On Sat, Apr 02, 2016

Re: [clamav-users] Email.Phishing.DblDom-60 -- issue

2016-04-02 Thread Andrew McGlashan
On 3/04/2016 9:32 AM, Al Varnell wrote:
> Have you submitted the log to False Positive Reports yet?
>

This is not a /file/ it is an email source and the source changes with each and every log.

Some log files are giving this problem, most are not; I need to

Re: [clamav-users] Email.Phishing.DblDom-60 -- issue

2016-04-02 Thread Al Varnell
Have you submitted the log to False Positive Reports yet?

-Al-

On Sat, Apr 02, 2016 at 12:54 PM, Andrew McGlashan wrote:
>
> Hi,
> ** resend ? again no help ***
>
> 550 This message was detected as possible malware
> (Email.Phishing.DblDom-60).

[clamav-users] Email.Phishing.DblDom-60 -- issue

2016-04-02 Thread Andrew McGlashan
Hi,

-- resend ? again no help ---

550 This message was detected as possible malware (Email.Phishing.DblDom-60).

It is not malware, it is just simple logs of backup processes.

I have server log messages coming through that are being rejected as having "Email.Phishing.DblDom-60"

[clamav-users] Email.Phishing.DblDom-60 -- issue

2016-03-31 Thread Andrew McGlashan
Hi,

-- resend ? ---

I have server log messages coming through that are being rejected as having "Email.Phishing.DblDom-60"

How can I determine what it is that is triggering this claim?

Thanks
AndrewM
___
Help us build a comprehensive

Re: [clamav-users] Email.Phishing.DblDom-60 -- issue

2016-03-31 Thread Steve Basford
On Thu, March 31, 2016 4:01 pm, Alessandro Vesely wrote:
> This was a false positive itself. I got:
> Virus-Found: Email.Phishing.DblDom-53
> Sanesecurity.Phishing.Cur.744.UNOFFICIAL
>

Thanks for the FP report. Fixed

Cheers,
Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
Twitter:

Re: [clamav-users] Email.Phishing.DblDom-60 -- issue

2016-03-31 Thread Alessandro Vesely
This was a false positive itself. I got:
Virus-Found: Email.Phishing.DblDom-53
Sanesecurity.Phishing.Cur.744.UNOFFICIAL

(I wonder how could this message pass. This reply is doomed to be blocked...)

Ale

On Wed 30/Mar/2016 20:18:52 +0200 Alain Zidouemba wrote:
> $ sigtool

Re: [clamav-users] Email.Phishing.DblDom-60 -- issue

2016-03-30 Thread Alain Zidouemba
$ sigtool -fEmail.Phishing.DblDom-60 | awk -F' ' '{print $2}' | sigtool --decode-sigs
VIRUS NAME: Email.Phishing.DblDom-60
TARGET TYPE: MAIL
OFFSET: *
DECODED SIGNATURE:
/.www.my.if.com/

If you think you have a false positive, please submit it here: http://www.clamav.net/reports/fp

- Alain

[clamav-users] Email.Phishing.DblDom-60 -- issue

2016-03-30 Thread Andrew McGlashan
Hi,

I have server log messages coming through that are being rejected as having "Email.Phishing.DblDom-60"

How can I determine what it is that is triggering this claim?

Thanks
AndrewM
___
Help us build a comprehensive ClamAV guide: