Re: [clamav-users] Virus-Datebase-Updates?

2016-01-19 Thread Joel Esler (jesler)
When you see “Added: No” in a virus report, 99x out of 100, that means its detected by something else. For example, the second one there, it has been submitted by 10 different entities, it must have been submitted (again) recently, and was detected by a signature that we’ve pulled. (it was a

Re: [clamav-users] Virus-Datebase-Updates?

2016-01-18 Thread Walter H.
On Mon, January 18, 2016 09:38, Dennis Peterson wrote: > To expect an individual vendor to be as effective as the pool is idiocy. fail, because one system relies only on one vendor > If it were possible the pool would be unnecessary. fail, because this should only be a opinion of 3rd party and

Re: [clamav-users] Virus-Datebase-Updates?

2016-01-18 Thread Al Varnell
I’m not sure how you managed to reach that conclusion as I have now three Mac OS X users with detections involving multiple applications that only run in OS X and are being identified as infected with Win.Adware.Softpulse-215. Why VT identifies this one as “-218” is strange, but nevertheless,

Re: [clamav-users] Virus-Datebase-Updates?

2016-01-18 Thread Dennis Peterson
The VirusTotal site provides a distorted view of virus detection. Their (Google $$) server farm uses every available tool out there to determine the status of a submission. The even say they make no effort of their own to detect malware, but rely on the hard work of the teams that do the heavy

Re: [clamav-users] Virus-Datebase-Updates?

2016-01-17 Thread Al Varnell
We’ll have to wait for the ClamAV signature team to come to work in the AM to get an official answer, but I’m curious on how you know that all of these submissions to VirusTotal represent proven threats? In my experience, many files uploaded to VT are totally harmless with no scanners

Re: [clamav-users] Virus-Datebase-Updates?

2016-01-17 Thread Walter H.
Hello, On Mon, January 18, 2016 07:11, Al Varnell wrote: > We’ll have to wait for the ClamAV signature team to come to work in the AM > to get an official answer, but I’m curious on how you know that all of > these submissions to VirusTotal represent proven threats? In my > experience, many

Re: [clamav-users] Virus-Datebase-Updates?

2016-01-17 Thread Steve basford
Hi Walter, Could you post a hash or two or maybe a Virustotal link to one of the Submitted ones. Cheers, Steve Web: sanesecurity.com Blog: sanesecurity.blogspot.com On 18 January 2016 04:46:07 "Walter H." wrote: Hello, I want an explanation, why not adding?