They should in be daily.cvd 19065.
- Alain
On Thu, Jun 5, 2014 at 9:37 PM, Al Varnell alvarn...@mac.com wrote:
Alain,
Just following up since it’s been a couple of weeks now.
I haven't see a new replacement signature yet. Nothing new for “Unix.” or
“Elk”. Did I overlook something?
Yes, I see them. Thanks.
-Al-
On Fri, Jun 06, 2014 at 09:24 AM, Alain Zidouemba wrote:
They should in be daily.cvd 19065.
- Alain
On Thu, Jun 5, 2014 at 9:37 PM, Al Varnell alvarn...@mac.com wrote:
Alain,
Just following up since it’s been a couple of weeks now.
I haven't
Alain,
Just following up since it’s been a couple of weeks now.
I haven't see a new replacement signature yet. Nothing new for “Unix.” or
“Elk”. Did I overlook something?
-Al-
On Wed, May 21, 2014 at 04:01 PM, Alain Zidouemba wrote:
The new signature will be out in the next few releases.
Thank you very much, that's nice.
Very happy about that :)
Regards,
Birgit
On 27. 05. 14 15:08 , Alain Zidouemba wrote:
The samples for which you sent us the hashes appear to be benign.
- Alain
On Tue, May 27, 2014 at 4:25 AM, DUCARROZ Birgit
birgit.ducar...@unifr.chwrote:
Hello,
Is
Hello,
Is someone actually able to tell me if the list I submitted are false
positives or real trojans?
Thank you,
Birgit
On 23. 05. 14 15:28 , Alain Zidouemba wrote:
Thanks Birgit.
- Alain
On Fri, May 23, 2014 at 5:38 AM, DUCARROZ Birgit
birgit.ducar...@unifr.chwrote:
oki. Here are
The samples for which you sent us the hashes appear to be benign.
- Alain
On Tue, May 27, 2014 at 4:25 AM, DUCARROZ Birgit
birgit.ducar...@unifr.chwrote:
Hello,
Is someone actually able to tell me if the list I submitted are false
positives or real trojans?
Thank you,
Birgit
On 23.
ok. Where do I have to submit the md5s ?
- Birgit
On 22. 05. 14 01:01 , Alain Zidouemba wrote:
The new signature will be out in the next few releases.
If you could, please provide the md5s or sha256s of the samples that
alerted.
Thanks,
- Alain
On Wednesday, May 21, 2014, DUCARROZ Birgit
We always do that right here.
-Al-
On Fri, May 23, 2014 at 01:23 AM, DUCARROZ Birgit wrote:
ok. Where do I have to submit the md5s ?
- Birgit
On 22. 05. 14 01:01 , Alain Zidouemba wrote:
The new signature will be out in the next few releases.
If you could, please provide the md5s
oki. Here are the md5s of the most of the alerts:
f4b3cda094eb5c4c1ab0ce2ee53e0e5f
eb693fd5c83093ec70845f2ae111edd9
1c9b1eaef2cc4c55c05b2d0a4cc9d3da
fc04088eb26044a4a6f14e257152ee31
77cb6047daab16e9227204fb0a141394
2298d177a5a8e36bedfc84a230b96108
77cb6047daab16e9227204fb0a141394
Thanks Birgit.
- Alain
On Fri, May 23, 2014 at 5:38 AM, DUCARROZ Birgit
birgit.ducar...@unifr.chwrote:
oki. Here are the md5s of the most of the alerts:
f4b3cda094eb5c4c1ab0ce2ee53e0e5f
eb693fd5c83093ec70845f2ae111edd9
1c9b1eaef2cc4c55c05b2d0a4cc9d3da
fc04088eb26044a4a6f14e257152ee31
oops, the first time I should do this. Using ubuntu, is there something
easy like an apt-get to install, or maybe a shell script that is able to
create md5s or sha256s?
I read this article http://forums.clamwin.com/viewtopic.php?t=4007 but
this does not really help me.
Suggestions how to
On 22.05.14 10:52, DUCARROZ Birgit wrote:
oops, the first time I should do this. Using ubuntu, is there
something easy like an apt-get to install, or maybe a shell script
that is able to create md5s or sha256s?
md5sum and sha256sum, both are part of coreutils
(i have debian but ubuntu is
On Thursday, May 22, 2014 12:40:21 Matus UHLAR - fantomas wrote:
On 22.05.14 10:52, DUCARROZ Birgit wrote:
oops, the first time I should do this. Using ubuntu, is there
something easy like an apt-get to install, or maybe a shell script
that is able to create md5s or sha256s?
md5sum and
Hi,
as of 05/13/2014 I had suddenly a lot of older files with notification
Unix.Trojan.ElkKnot FOUND
Regards,
Birgit
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
Sorry, I forgot to note my question:
Does somebody know what this might be?
When I am scanning now the same files, this messages does not appear again.
Actual version: ClamAV 0.97.8/19011/Wed May 21 09:48:13 2014
On 21. 05. 14 11:41 , DUCARROZ Birgit wrote:
Hi,
as of 05/13/2014 I had suddenly
The signature Unix.Trojan.ElkKnot has been dropped from our signature set
a few releases ago.
- Alain
On Wed, May 21, 2014 at 5:46 AM, DUCARROZ Birgit
birgit.ducar...@unifr.chwrote:
Sorry, I forgot to note my question:
Does somebody know what this might be?
When I am scanning now the same
On Wed, May 21, 2014 at 02:41 AM, DUCARROZ Birgit wrote:
Hi,
as of 05/13/2014 I had suddenly a lot of older files with notification
Unix.Trojan.ElkKnot FOUND
ElkKnot (aka Elknot) is apparently a Linux Trojan associated with DDOS attacks.
By coincidence, traces of it were found on an
Why has it been dropped? Should I believe now that I have this trojan or
not?
On 21. 05. 14 14:31 , Alain Zidouemba wrote:
The signature Unix.Trojan.ElkKnot has been dropped from our signature set
a few releases ago.
- Alain
On Wed, May 21, 2014 at 5:46 AM, DUCARROZ Birgit
It was dropped for performance reasons. We found it be generating some
false positives, such as the one you likely had. The signature
Unix.Trojan.ElkKnot will be replaced with a better performing one.
- Alain
On Wed, May 21, 2014 at 4:07 PM, DUCARROZ Birgit
birgit.ducar...@unifr.chwrote:
Why
Thank you a lot! When will it be replaced?
I had 317 infected files and now I don't know if they are false
positives or not.
Curiously chkrootkit gave me this:
You have 1 process hidden for readdir command
You have 1 process hidden for ps command
chkproc: Warning: Possible LKM
The new signature will be out in the next new releases.
If you could, please provide the md5s or sha256s of the samples that
alerted.
Thanks,
- Alain
On Wednesday, May 21, 2014, DUCARROZ Birgit birgit.ducar...@unifr.ch
wrote:
Thank you a lot! When will it be replaced?
I had 317 infected
The new signature will be out in the next few releases.
If you could, please provide the md5s or sha256s of the samples that
alerted.
Thanks,
- Alain
On Wednesday, May 21, 2014, DUCARROZ Birgit birgit.ducar...@unifr.ch
wrote:
Thank you a lot! When will it be replaced?
I had 317 infected
22 matches
Mail list logo