Re: [clamav-users] daily.cvd out of date?

2015-03-16 Thread Joel Esler (jesler)
David, I forwarded this on to the ops team for a look. -- Joel Esler Open Source Manager Threat Intelligence Team Lead Talos Group On Mar 16, 2015, at 8:51 AM, Smith, David mailto:drsm...@fsu.edu>> wrote: Jason, Can you PLEASE pull mirror 150.214.142.197 out of your lists??? Note the modify

Re: [clamav-users] daily.cvd out of date?

2015-03-20 Thread Joel Esler (jesler)
Just as a follow up — After some troubleshooting, we’ve removed this one from the mirror pool. Thanks David. -- Joel Esler Open Source Manager Threat Intelligence Team Lead Talos Group On Mar 16, 2015, at 9:14 AM, Joel Esler (jesler) mailto:jes...@cisco.com>> wrote: David, I forwarde

Re: [clamav-users] ClamXav and Compressed Files

2015-03-27 Thread Joel Esler (jesler)
Dmg scanning was added a couple of versions back. -- Joel Esler Sent from my iPhone On Mar 27, 2015, at 3:11 AM, Al Varnell mailto:alvarn...@mac.com>> wrote: On Thu, Mar 26, 2015 at 11:17PM, Dennis Peterson wrote: Forgot to include dmg files are as described when mounted - else they are disk

Re: [clamav-users] ClamXav and Compressed Files

2015-03-30 Thread Joel Esler (jesler)
On Mar 29, 2015, at 7:57 AM, Dennis Peterson mailto:denni...@inetnw.com>> wrote: On 3/29/15 4:55 AM, TR Shaw wrote: On Mar 29, 2015, at 1:45 AM, Dennis Peterson mailto:denni...@inetnw.com>> wrote: On 3/28/15 10:43 PM, Jinwon Lee wrote: Thanks for that. I guess ‘Hash Value’ refers to the ClamA

Re: [clamav-users] Clamscan infection that is not infected

2015-04-15 Thread Joel Esler (jesler)
On Apr 15, 2015, at 9:50 AM, sanes mailto:z...@wrzanes.com>> wrote: Why does clamscan show this file infection, but a scan with VirusTotal.com shows file is safe? Which source should I trust? c:\Windows\System32\mobsync.exe: Win.Trojan.Agent-863936 FOUND If you belie

Re: [clamav-users] Clamscan infection that is not infected

2015-04-15 Thread Joel Esler (jesler)
Oh, sorry, didn’t see that Alain wrote this. Apologies. > On Apr 15, 2015, at 9:52 AM, Alain Zidouemba > wrote: > > Can you provide a checksum for your sample? > > Thanks, > > - Alain > > On Wed, Apr 15, 2015 at 9:50 AM, sanes wrote: > >> Why does clamscan show this file infection, but a

Re: [clamav-users] Clamav jar file

2015-04-20 Thread Joel Esler (jesler)
What are you referring to when you say “ClamAV Jar file”? -- Joel Esler Open Source Manager Threat Intelligence Team Lead Talos Group On Apr 20, 2015, at 5:06 PM, Senthil Kumar M mailto:reachsen...@gmail.com>> wrote: Hi, I want to know how to get the Clamav jar file through Maven POM file. Plea

[clamav-users] ClamAV® blog: ClamAV 0.98.7 has been released!

2015-04-29 Thread Joel Esler (jesler)
> http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html > > ClamAV 0.98.7 is here! This release contains new scanning features > and bug fixes. > > - Improvements to PDF processing: decryption, escape sequence > handling, and file property collection. > - Scanning/analy

Re: [clamav-users] ClamAV on XP

2015-05-06 Thread Joel Esler (jesler)
You may also want to use a version of Windows that has support. -- Joel Esler Open Source Manager Threat Intelligence Team Lead Talos Group On May 6, 2015, at 3:20 AM, Al Varnell mailto:alvarn...@mac.com>> wrote: You might find ClamWin easier to use -Al- On Wed, May

Re: [clamav-users] http://www.stats.clamav.net

2015-05-07 Thread Joel Esler (jesler)
That server is working off of old data. We haven’t built an interface for the new system yet. We actually need to take this old system down, and will when people transition to the newer versions of ClamAV. -- Joel Esler Open Source Manager Threat Intelligence Team Lead Talos Group On May 6,

[clamav-users] Fwd: [Community-sigs] Create your own ClamAV signatures with CASC

2015-05-14 Thread Joel Esler (jesler)
Sending this over to the users list as well: Begin forwarded message: From: Alain Zidouemba mailto:azidoue...@sourcefire.com>> Subject: [Community-sigs] Create your own ClamAV signatures with CASC Date: May 14, 2015 at 9:57:00 AM PDT To: ClamAV Community Signatures Submission List mailto:commun

[clamav-users] ClamAV® blog: Lurker is going End of Life

2015-05-18 Thread Joel Esler (jesler)
http://blog.clamav.net/2015/05/lurker-is-going-end-of-life.html Lurker is going End of Life For years, we've had a system named "Lurker" that displayed the archives for our mailing lists, well, we are actually keeping the archives for the mailing lists in two places. On Lurker, and on mailman

Re: [clamav-users] ClamAV® blog: Lurker is going End of Life

2015-05-19 Thread Joel Esler (jesler)
015 at 02:20 PM, Joel Esler (jesler) wrote: http://blog.clamav.net/2015/05/lurker-is-going-end-of-life.html Lurker is going End of Life For years, we've had a system named "Lurker" that displayed the archives for our mailing lists, well, we are actually keeping the archives for the

Re: [clamav-users] unsubscribe

2015-05-27 Thread Joel Esler (jesler)
Why don’t you have access to the manual on github? > On May 27, 2015, at 1:21 PM, Cmos35 wrote: > > Good evening, > > Excuse me to come to you through this mail but the question that I asked her > begone find answers regarding freshclam.conf configuration and more because I > do not have acce

Re: [clamav-users] malware Html.Exploit.CVE_2015_0045

2015-05-29 Thread Joel Esler (jesler)
http://www.clamav.net/report/report-fp.html -- Joel Esler Sent from my iPhone On May 29, 2015, at 7:21 AM, Paul Martin mailto:paul.martin.b...@gmail.com>> wrote: Hello, I have many false positive when clamav detects "malware Html.Exploit.CVE_2015_0045", what can I do to stop these false positi

Re: [clamav-users] PUA and file descriptions

2015-05-29 Thread Joel Esler (jesler)
We implemented a naming convention about 3 years ago that we’ve been using since, things named before that were named.. somewhat loosely. -- Joel Esler Open Source Manager Threat Intelligence Team Lead Talos Group http://www.talosintel.com On May 28, 2015, at 2:50 PM, Al Varnell mailto:alvarn

[clamav-users] ClamAV® blog: ClamAV 0.99b Meets YARA!

2015-06-03 Thread Joel Esler (jesler)
ClamAV 0.99b Meets YARA! The first beta release of ClamAV 0.99 is now on SourceForge! ClamAV 0.99 has some important new features to improve malware detection. First, ClamAV 0.99 supports YARA rules. YARA is another popular open source project for malware detection, analysis, and classification

Re: [clamav-users] DAT File License

2015-06-13 Thread Joel Esler (jesler)
Gpl v2 -- Joel Esler Sent from my iPhone On Jun 13, 2015, at 6:54 PM, Trevor Vaughan mailto:tvaug...@onyxpoint.com>> wrote: Hi All, I apologize if I missed this, but I've checked through various FAQs and have not been able to determine what license the DAT files fall under. If anyone has this

Re: [clamav-users] clamav-users Digest, Vol 129, Issue 18

2015-06-29 Thread Joel Esler (jesler)
On Jun 26, 2015, at 4:25 AM, Saeed Shaikh mailto:saeed_su...@yahoo.com>> wrote: Can we get the status plx The status of what? -- Joel Esler Manager, Threat Intelligence Team & Open Source Talos Group http://www.talosintel.com ___ Help us build a com

Re: [clamav-users] Freshclam Question

2015-06-30 Thread Joel Esler (jesler)
On Jun 30, 2015, at 9:13 AM, Steve Basford mailto:steveb_cla...@sanesecurity.com>> wrote: On Tue, June 30, 2015 1:57 pm, Nixon, R A (AL) CIV USARMY SEC (US) wrote: My organization has been using Freshclam to update virus definitions for a number of years. We are United States based and set th

Re: [clamav-users] gpg key

2015-07-16 Thread Joel Esler (jesler)
On Jul 16, 2015, at 2:45 PM, Bowie Bailey mailto:bowie_bai...@buc.com>> wrote: On 7/16/2015 1:30 PM, Al Varnell wrote: Start with the Documentation page for Upgrading ClamAV: • How do I verify the integrity of ClamAV sources? Using GnuPG you can easily

Re: [clamav-users] FP Detection / Reclassify Request

2015-07-16 Thread Joel Esler (jesler)
On Jul 16, 2015, at 6:30 PM, Daphne Galme (daphgalm) mailto:daphg...@cisco.com>> wrote: Hi, I submitted these info several days ago (and someone also did, several weeks ago) for FP. File MD5: 574e52839d9453a0c0b9c32c11f6157e File SHA1: 8530c174909e06ebfde906b94a7c4777aa9dd4a6 I’m still seein

Re: [clamav-users] gpg key

2015-07-17 Thread Joel Esler (jesler)
Noticed that when I was poking around. -- Joel Esler Manager, Threat Intelligence and Open Source Talos Group Sent from my iPhone On Jul 17, 2015, at 9:10 AM, Bowie Bailey mailto:bowie_bai...@buc.com>> wrote: On 7/16/2015 7:33 PM, Joel Esler (jesler) wrote: On Jul 16, 2015, at 2:45 PM,

Re: [clamav-users] Unable to detect pdf virus

2015-07-28 Thread Joel Esler (jesler)
So you generated a brand new malicious pdf? (Trying to understand what the question is) Did you submit said malicious pdf to us? Perhaps you could write your own detection and submit it to us via the community signature program? -- Joel Esler Manager, Threat Intelligence and Open Source Talos G

Re: [clamav-users] Fwd: Unable to detect pdf virus

2015-07-28 Thread Joel Esler (jesler)
Can you provide us with the hash for the file? -- Joel Esler Manager, Threat Intelligence and Open Source Talos Group Sent from my iPhone On Jul 28, 2015, at 7:43 AM, P K mailto:pkopen...@gmail.com>> wrote: Sure. I uploaded same. I wanted someone else to try to make sure its issue with clamav.

Re: [clamav-users] ftp.heanet.ie mirror problem

2015-08-04 Thread Joel Esler (jesler)
ACK on this guys. A lot of the guys are on the way to Vegas, or will be tomorrow. I’ve forwarded this email to the correct people in order to get things fixed. -- Joel Esler Manager, Threat Intelligence Team & Open Source Talos Group http://www.talosintel.com On Aug 4, 2015, at 7:47 PM, Al V

Re: [clamav-users] DB update and clamav-milter delay

2015-09-29 Thread Joel Esler (jesler)
Al, Thanks for bringing that up. Once a minute? That’s fairly excessive. Once an hour is appropriate… Overdoing it, but more appropriate. Keep in mind that the mirrors are donated to ClamAV and the bandwidth you are consuming is probably fairly heavy. If everyone did that…. -- Joel Esler

Re: [clamav-users] DB update and clamav-milter delay

2015-09-29 Thread Joel Esler (jesler)
On Sep 29, 2015, at 9:57 AM, Kris Deugau mailto:kdeu...@vianet.ca>> wrote: Marco wrote: Hello, I installed clamd server (0.98.7) with clamav-milter using RPM of EPEL. With this installation, after every freshclam update session, clamd is forced to read the DB: 2015-09-29T09:12:41.244383+02:00

[clamav-users] ClamAV® blog: ClamAV.org relaunch, now with on page downloads!

2015-10-15 Thread Joel Esler (jesler)
http://blog.clamav.net/2015/10/clamavorg-relaunch-now-with-on-page.html ClamAV.org relaunch, now with on page downloads! Those of you that have visited ClamAV.org recently may have noticed a slight change in our procedures for downloads. For years, we've be

Re: [clamav-users] [Clamav-announce] ClamAV® blog: ClamAV.org relaunch, now with on page downloads!

2015-10-15 Thread Joel Esler (jesler)
On Oct 15, 2015, at 4:32 PM, Quanah Gibson-Mount mailto:qua...@zimbra.com>> wrote: --On Thursday, October 15, 2015 9:07 PM + "Joel Esler (jesler)" mailto:jes...@cisco.com>> wrote: http://blog.clamav.net/2015/10/clamavorg-relaunch-now-with-on-page.html Cl

[clamav-users] ClamAV® blog: ClamAV 0.99 Release Candidate has been posted!

2015-10-15 Thread Joel Esler (jesler)
http://blog.clamav.net/2015/10/clamav-099-release-candidate-has-been.html ClamAV 0.99 Release Candidate has been posted! ClamAV 0.99 Release Candidate has been posted for download! Please check out the below release notes: This is the first release of ClamAV that is being done on both ClamAV.net

Re: [clamav-users] 2 questions

2015-11-09 Thread Joel Esler (jesler)
Never mind, found it, has been updated. -- Joel Esler Manager, Talos Group On Nov 9, 2015, at 11:31 PM, Joel Esler (jesler) mailto:jes...@cisco.com>> wrote: Where do you see this documentation? I’ll get it changed. -- Joel Esler Manager, Talos Group On Nov 9, 2015, at 4

Re: [clamav-users] 2 questions

2015-11-09 Thread Joel Esler (jesler)
Where do you see this documentation? I’ll get it changed. -- Joel Esler Manager, Talos Group On Nov 9, 2015, at 4:10 AM, Michiel van Es mailto:m...@pragmasec.nl>> wrote: Hi, I got 2 questions: 1) I saw in the clamav-users@lists.clamav.net list docu

Re: [clamav-users] old stuff from Windows95

2015-11-16 Thread Joel Esler (jesler)
Please submit false positive reports on the website. http://www.clamav.net -- Joel Esler Manager, Talos Group Sent from my iPad On Nov 16, 2015, at 1:55 PM, ellanios82 mailto:ellanio...@gmail.com>> wrote: Hello List , - on my Linux desktop PC , i have some old Windows95 stuff still stored :

Re: [clamav-users] LibClamAV Warning in conjunction with SWF Files

2015-12-11 Thread Joel Esler (jesler)
On Dec 11, 2015, at 1:58 PM, Andreas van Ohlen mailto:a.vanoh...@posteo.de>> wrote: LibClamAV Warning: SWF: declared output length != inflated stream size, 486465 != 795244 I am guessing that the Flash file being analyzed declared the length to be 795244 for a compressed section, however, wh

Re: [clamav-users] several malware samples, clamav doesn't detect

2015-12-24 Thread Joel Esler (jesler)
Depends on a number of factors. It may help us, if you are looking into a particular threat, to provide us the hash of the file so we can look at it specifically. That being said, we're out of the office until Jan 4. -- Joel Esler Manager, Talos Group Sent from my iPhone On Dec 24, 2015, at

Re: [clamav-users] several malware samples, clamav doesn't detect

2015-12-24 Thread Joel Esler (jesler)
caedaae531f08bf SHA1(5.zip)= a5b5a277eddae25f8d947622d6ddec4b38c5f494 SHA1(6.zip)= 6e59c943545977f58f87b49724bbac2eb31afe02 SHA1(7.zip)= a8821aeae2ab15640a0647c5842162a2074ed7e3 SHA1(8.zip)= 7239a63577aabd46069636aacb85b1ca725a11d0 SHA1(9.zip)= 298aa02cf43c1fa961117b2f7c5838c04a28df9a On 24.12.2015 21:23,

Re: [clamav-users] several malware samples, clamav doesn't detect

2015-12-25 Thread Joel Esler (jesler)
Well, from the look of the email below, it's probably Dridex. Which means it's probably a word based macro downloader. -- Joel Esler Manager, Talos Group Sent from my iPhone On Dec 25, 2015, at 3:24 AM, Al Varnell mailto:alvarn...@mac.com>> wrote: I’m a novice at signature writing, but those

Re: [clamav-users] ClamAV not detecting viruses

2016-01-01 Thread Joel Esler (jesler)
We receive millions of samples a day. Bringing the shas or md5 of the file to the list helps us look at what you guys are seeing. -- Joel Esler Manager, Talos Group Sent from my iPhone On Jan 1, 2016, at 12:37 PM, Andrew Wood mailto:andrewjamesw...@ymail.com>> wrote: On 01/01/16 17:23, Ste

Re: [clamav-users] Is it a real attack?

2016-01-17 Thread Joel Esler (jesler)
You didn't attach anything. -- Joel Esler Manager, Talos Group Sent from my iPhone On Jan 17, 2016, at 10:47 AM, Jota Pe mailto:jotape1...@yahoo.com>> wrote: I performed a ClamAV scan of all my desktop PC and the result (it is attached) tells me about some possible infections. How many? ??? Is

Re: [clamav-users] Win.Adware.Softpulse-215 FP

2016-01-19 Thread Joel Esler (jesler)
I have been told that all of these have been corrected already. -- Joel Esler Manager, Threat Intelligence Team & Open Source Talos Group http://www.talosintel.com On Jan 18, 2016, at 1:51 AM, Al Varnell mailto:alvarn...@mac.com>> wrote: I’m hearing from a couple of ClamXav users that several a

Re: [clamav-users] Virus-Datebase-Updates?

2016-01-19 Thread Joel Esler (jesler)
When you see “Added: No” in a virus report, 99x out of 100, that means it's detected by something else. For example, the second one there, it has been submitted by 10 different entities, it must have been submitted (again) recently, and was detected by a signature that we’ve pulled. (it was a fa

Re: [clamav-users] Win.Adware.Softpulse-215 FP

2016-01-21 Thread Joel Esler (jesler)
Please? Sent from my iPhone > On Jan 21, 2016, at 3:07 AM, Al Varnell wrote: > > Yes, I did receive feedback the same day that Win.Adware.Softpulse-215 had > been removed and I can confirm that all the others mentioned below except for > Swf.Exploit.CVE_2015_5122-1 have been removed, so I’ll

Re: [clamav-users] Win.Adware.Softpulse-215 FP

2016-01-21 Thread Joel Esler (jesler)
and scan the billions of malware samples we have every time we push an update. -- Joel Esler Manager, Talos Group On Jan 21, 2016, at 7:46 AM, Al Varnell mailto:alvarn...@mac.com>> wrote: Done. -Al- On Jan 21, 2016, at 4:06 AM, Joel Esler (jesler) wrote: Please? Sent from my iPho

Re: [clamav-users] ClamAV DB support

2016-01-27 Thread Joel Esler (jesler)
You could just Use ClamAV. -- Joel Esler iPhone On Jan 27, 2016, at 4:50 AM, Matus UHLAR - fantomas mailto:uh...@fantomas.sk>> wrote: On 20.01.16 19:02, Julian DeMille wrote: Would it possible for me to use the ClamAV virus DB to supply my new program with virus definitions? do you mean,

Re: [clamav-users] Freshclam Non-repudiation

2016-01-31 Thread Joel Esler (jesler)
We are more than willing to work with any 3rd party signature house to incorporate the detection into the official DB. -- Joel Esler Manager, Talos Group On Jan 29, 2016, at 5:53 PM, Benny Pedersen mailto:m...@junc.eu>> wrote: On 2016-01-29 23:28, Al Varnell wrote: Not sure how you would a

Re: [clamav-users] undefined signature ? Win.Trojan.Win64-166

2016-02-02 Thread Joel Esler (jesler)
Unfortunately, the system that presently publishes the ruleset (which we are building a replacement for (more details to come)), and sends the email, does not perform this function as a single step. Someone may have published without clicking the “send email” button. -- Joel Esler Manager, T

Re: [clamav-users] Successfully processed

2016-02-15 Thread Joel Esler (jesler)
We're double checking everything. Thanks for your patience. -- Joel Esler iPhone On Feb 15, 2016, at 4:53 AM, Mark Allan mailto:markjal...@gmail.com>> wrote: Hi, I've been getting this for a few days. The first time I received it, the rogue sig was removed from the DB shortly afterwards, so

Re: [clamav-users] Successfully processed

2016-02-15 Thread Joel Esler (jesler)
Gerald, We need to verify that we've received your file, and this is something we are working on. That being said, we receive millions of samples a day, so it helps, if you want to point out the hash of the file to us on the list, we can get to it. -- Joel Esler Manager, Talos Group Sent from

Re: [clamav-users] Successfully processed

2016-02-15 Thread Joel Esler (jesler)
h are you using? I couldn't see any on the website when submitting. Is it a regular SHA-256 hash? Also if it helps I can resubmit the file and send the hash and time of submission to this mailing list. Thx, Gerald On Feb 15, 2016, at 07:23, Joel Esler (jesler) mailto:jes...@cisco.com>&

Re: [clamav-users] FP System

2016-02-16 Thread Joel Esler (jesler)
There actually is :). There are at least four parts to the FP reporting system, and I have my team on it. -- Joel Esler Manager, Talos Group On Feb 16, 2016, at 6:17 AM, Al Varnell mailto:alvarn...@mac.com>> wrote: Agree. We’ve been saying this for a couple of days now and Joel said yest

[clamav-users] ClamAV FP/Malware Submissions

2016-02-16 Thread Joel Esler (jesler)
It appears that we have resolved the issue with FP/Malware submissions on ClamAV.net. We apologize for any error and inconvenience. Please let me know if you encounter any other errors. -- Joel Esler Manager, Talos Group

Re: [clamav-users] Recent rash of FPs

2016-02-17 Thread Joel Esler (jesler)
All sigs have a number at the end. Unless it's the first with that name. -- Joel Esler iPhone On Feb 17, 2016, at 6:08 AM, Mark Allan mailto:markjal...@gmail.com>> wrote: Hi all, I'm just wondering if there's an underlying reason for the recent rash of FP detections. From my own experience,

Re: [clamav-users] ClamAV FP/Malware Submissions

2016-02-17 Thread Joel Esler (jesler)
t week-or-so, or did you actually receive them OK? Mark On 16 Feb 2016, at 11:48 pm, Joel Esler (jesler) mailto:jes...@cisco.com>> wrote: It appears that we have resolved the issue with FP/Malware submissions on ClamAV.net. We apol

Re: [clamav-users] How can Clam/Cisco be so irresponsibly reckless and nonchalant to Windows users?

2016-02-17 Thread Joel Esler (jesler)
Okay, so this is a long email, let me respond inline: -- Joel Esler Manager, Talos Group On Feb 17, 2016, at 9:40 AM, Groach mailto:groachmail-stopspammin...@yahoo.com>> wrote: Hello Ok, in short you know about the disaster last week where a single signature was issued by ClamAV that lit

Re: [clamav-users] How can Clam/Cisco be so irresponsibly reckless and nonchalant to Windows users?

2016-02-17 Thread Joel Esler (jesler)
Thank you for your input. We’ll take it under consideration for current efforts. On February 17, 2016 at 5:52:36 PM, Groach (groachmail-stopspammin...@yahoo.com) wrote: Hello Well I wasn't going to post any more but just to be sure I want to make

Re: [clamav-users] How can Clam/Cisco be so irresponsibly reckless and nonchalant to Windows users?

2016-02-17 Thread Joel Esler (jesler)
Jones wrote: On 2/17/2016 10:40 AM, Joel Esler (jesler) wrote: Okay, so this is a long email, let me respond inline: -- Joel Esler Manager, Talos Group Unfortunately, due to lack of quoting it's impossible to tell which parts are yours. -- Noel Jones That is also one of my pet peeves J

Re: [clamav-users] How can Clam/Cisco be so irresponsibly reckless and nonchalant to Windows users?

2016-02-18 Thread Joel Esler (jesler)
On Feb 18, 2016, at 4:01 AM, Mark Allan mailto:markjal...@gmail.com>> wrote: On 17 Feb 2016, at 11:21 pm, Joel Esler (jesler) mailto:jes...@cisco.com>> wrote: For my, I use Mail.app the majority of the time. Apparently if I delete lines and inline reply like I do in Thunderbi

Re: [clamav-users] How can Clam/Cisco be so irresponsibly reckless and nonchalant to Windows users?

2016-02-18 Thread Joel Esler (jesler)
SEE. Didn’t do it right! Stupid mail.app. -- Joel Esler Manager, Talos Group On Feb 18, 2016, at 10:28 AM, Joel Esler (jesler) mailto:jes...@cisco.com>> wrote: On Feb 18, 2016, at 4:01 AM, Mark Allan mailto:markjal...@gmail.com>> wrote

Re: [clamav-users] How can Clam/Cisco be so irresponsibly reckless and nonchalant to Windows users?

2016-02-18 Thread Joel Esler (jesler)
Allan mailto:markjal...@gmail.com>> wrote: On 18 Feb 2016, at 3:28 pm, Joel Esler (jesler) mailto:jes...@cisco.com>> wrote: Bottom posting with Mail.app now. Yeah, it’s how I did it that was the problem. I tried to make the email nice and neat, and Mail.app (prior to… I’d say

Re: [clamav-users] Another submission of the JavaScript virus

2016-02-22 Thread Joel Esler (jesler)
Are you able to submit this file to us via ClamAV.net? -- Joel Esler Manager, Talos Group On Feb 19, 2016, at 8:39 PM, Gerald Venzl mailto:gerald.ve...@gmail.com>> wrote: Hi, I haven't heard anything back yet from my submission and as I'm new to ClamAV I don't fully under

Re: [clamav-users] clamd server '/var/run/clamd.amavisd/clamd.sock' gave '' response

2016-02-22 Thread Joel Esler (jesler)
Gentlemen. We get the point. We’re working on it. I had a conversation with the malware lead last week to see what we can do here. -- Joel Esler Manager, Talos Group On Feb 22, 2016, at 12:06 PM, Groach mailto:groachmail-stopspammin...@yahoo.com>> wrote: I don't think there is any 'caus

Re: [clamav-users] IPv6 servers having problems?

2016-02-22 Thread Joel Esler (jesler)
Jay, I’ve forwarded the email over to our Ops Team. -- Joel Esler Manager, Talos Group On Feb 22, 2016, at 4:06 PM, Jay Clubb mailto:j...@clubbusa.com>> wrote: Starting to see more and more of this: ERROR: getpatch: Can't download daily-21400.cdiff from db.us.ipv6.clamav.net

Re: [clamav-users] email error submitting a virus sample

2016-02-27 Thread Joel Esler (jesler)
Kristen, We'll take a look. Please send us the hashes of the files. -- Joel Esler Manager, Talos Group Sent from my iPad On Feb 27, 2016, at 8:21 PM, Kristen mailto:kris...@atmyhome.org>> wrote: List, I just submitted to the virus submission webpage a new sample of a virus email that slipped

Re: [clamav-users] Add virus databases and signatures from third-party vendors

2016-02-29 Thread Joel Esler (jesler)
-- Joel Esler Manager, Talos Group On Feb 28, 2016, at 8:26 AM, Theodore Alcapotaxis mailto:summercas...@dcemail.com>> wrote: --- alvarn...@mac.com wrote: From: Al Varnell mailto:alvarn...@mac.com>> To: ClamAV users ML mailto:clamav-users@lists.clamav.net>> Subj

[clamav-users] ClamAV® blog: ClamAV 0.99.1 has been released!

2016-03-02 Thread Joel Esler (jesler)
http://blog.clamav.net/2016/03/clamav-0991-has-been-released.html ClamAV 0.99.1 has been released! Join us in welcoming ClamAV 0.99.1 to the family! It is ready for immediate download at ClamAV.net's download site. As a reminder, this is the last release that

Re: [clamav-users] ClamAV® blog: ClamAV 0.99.1 has been released!

2016-03-02 Thread Joel Esler (jesler)
Just curious to know what they finally got around to implementing. -Al- On Wed, Mar 02, 2016 at 01:09 PM, Joel Esler (jesler) wrote: http://blog.clamav.net/2016/03/clamav-0991-has-been-released.html ClamAV 0.99.1 has been released!

Re: [clamav-users] clamav email error after submission of a virus sample

2016-03-02 Thread Joel Esler (jesler)
knc, We are working on the submission process as we speak to make this simpler. I feel like a broken record saying this, but the submission process has changed a lot recently and we’re working on it -- Joel Esler Manager, Talos Group > On Mar 2, 2016, at 6:38 PM, knc wrote: > > Hi, > I'm

Re: [clamav-users] clamav email error after submission of a virus sample

2016-03-04 Thread Joel Esler (jesler)
ClamAV.net is behind cloudflare. -- Joel Esler Manager, Talos Group On Mar 4, 2016, at 6:20 AM, Alessandro Vesely mailto:ves...@tana.it>> wrote: On Thu 03/Mar/2016 03:34:15 +0100 Joel Esler (jesler) wrote: We are working on the submission process as we s

Re: [clamav-users] clamav email error after submission of a virus sample

2016-03-07 Thread Joel Esler (jesler)
Vesely mailto:ves...@tana.it>> wrote: On Fri 04/Mar/2016 16:07:53 +0100 Joel Esler (jesler) wrote: ClamAV.net is behind cloudflare. Right. Would those who made that decision blog a few lines telling something more than such statement, please? That blog would be f

[clamav-users] ClamAV® blog: ClamAV will release a new main.cvd and daily.cvd this weekend.

2016-03-07 Thread Joel Esler (jesler)
http://blog.clamav.net/2016/03/clamav-will-release-new-maincvd-and.html ClamAV will release a new main.cvd and daily.cvd this weekend. As we periodically do, we will be releasing a new main.cvd and daily.cvd this coming weekend (March 12-13). We have completely re-written our signature manageme

Re: [clamav-users] about countermeasure for false positive

2016-03-08 Thread Joel Esler (jesler)
I think your answer is pretty good. It’s clearly not every clean file in the world. But clean files are added to the FP test all the time. -- Joel Esler Manager, Talos Group On Mar 8, 2016, at 5:55 AM, Al Varnell mailto:alvarn...@mac.com>> wrote: From previous communications here, I know

Re: [clamav-users] ClamAV® blog: ClamAV will release a new main.cvd and daily.cvd this weekend.

2016-03-09 Thread Joel Esler (jesler)
On Wed, Mar 09, 2016 at 01:36 PM, Benny Pedersen wrote: On 8. mar. 2016 04.00.59 "Joel Esler (jesler)" mailto:jes...@cisco.com>> wrote: http://blog.clamav.net/2016/03/clamav-will-release-new-maincvd-and.html The estimated size of these files are 100 MB and 10 MB respectively.

Re: [clamav-users] ClamAV® blog: ClamAV will release a new main.cvd and daily.cvd this weekend.

2016-03-10 Thread Joel Esler (jesler)
in.cvd be distributed as .cdiff files or will every user have to download the main.cvd file in its entirety? Mark On 9 Mar 2016, at 10:45 pm, Joel Esler (jesler) mailto:jes...@cisco.com>> wrote: Correct. -- Joel Esler Manager, Talos Group On Mar 9, 2016, at 5:30 PM, Al Varnell m

[clamav-users] ClamAV Signature Interface has begun its migration!

2016-03-11 Thread Joel Esler (jesler)
http://blog.clamav.net/2016/03/clamav-signature-interface-has-begun.html Beginning now, throughout much of the weekend, we've begun our ClamAV Signature Interface migration. This means we will not be publishing any ClamAV signatures until this process is complete. As I stated in my last blog p

Re: [clamav-users] clamav-virusdb mailing list - what is the use?

2016-03-11 Thread Joel Esler (jesler)
If it is not useful to you, then unsubscribe from it, best advice. It is for notification of updates to the ClamAV signature database. As far as what those fields mean: Example: Submission-ID: 14926518 Sender: Virus Total Sender: VirScan.org Sender: Anonymous Sender: Pau

Re: [clamav-users] clamav-virusdb mailing list - what is the use?

2016-03-11 Thread Joel Esler (jesler)
o.com>> wrote: On 11/03/2016 19:12, Joel Esler (jesler) wrote: If it is not useful to you, then unsubscribe from it, best advice. It is for notification of updates to the ClamAV signature database. Of course one can unsubscribe, and in fact *I* am not subscribed. I did make the point, t

Re: [clamav-users] Why did you block me clamAV page??

2016-03-14 Thread Joel Esler (jesler)
This was fixed yesterday. Apologize for the inconvenience. I appreciate you all being patient, lots of change going on here lately, for the better, but there is always some turmoil during change. Appreciate the patience and effort you’ve shown us! -- Joel Esler Manager, Talos Group On M

Re: [clamav-users] [Clamav-mirrors] ClamAV Signature Interface has begun its migration!

2016-03-14 Thread Joel Esler (jesler)
as we’re ready to release the new database builds. We apologize for any inconvenience during this time. -- Joel Esler Manager, Talos Group On Mar 14, 2016, at 8:41 AM, Joel Esler (jesler) mailto:jes...@cisco.com>> wrote: On Mar 14, 2016, at 3:31 AM, Andreas S

Re: [clamav-users] Is ClamAV Community Threat Tracking System down?

2016-03-18 Thread Joel Esler (jesler)
Afaik, this hasn't been up in a long time. We took it down, I thought, when we redid the website. -- Joel Esler iPhone On Mar 18, 2016, at 6:30 PM, Dennis Peterson mailto:denni...@inetnw.com>> wrote: Subject line was URL links on 3/17/2016. That was when Joel suggested the stats link should

Re: [clamav-users] New ClamnAV database....test results for Clamwin

2016-03-18 Thread Joel Esler (jesler)
Thanks for the feedback! -- Joel Esler iPhone On Mar 17, 2016, at 4:55 AM, Groach mailto:groachmail-stopspammin...@yahoo.com>> wrote: For your info: I run Clamwin, with the additional Clamd, and supplemented with Sane security definitions. I was VERY apprehensive about today and the pessami

Re: [clamav-users] URL Links

2016-03-19 Thread Joel Esler (jesler)
Where are those? We need to remove them. -- Joel Esler iPhone On Mar 17, 2016, at 7:05 AM, Jerry mailto:je...@seibercom.net>> wrote: I just did a fresh install of ClamAV on a FreeBSD machine. While configuring the program,I found that the following URLs were broken: http://www.clamav.net/down

Re: [clamav-users] Signature updates?`

2016-03-19 Thread Joel Esler (jesler)
Paul, You are correct. We're going through testing right now, expect an announcement from me shortly. -- Joel Esler iPhone On Mar 16, 2016, at 11:04 AM, Paul Kosinski mailto:clamav-us...@iment.com>> wrote: Paul Kosinski

Re: [clamav-users] clamav on virus total

2016-03-19 Thread Joel Esler (jesler)
Yes. They update constantly. We just aren't able to get to the millions of samples we receive a day. -- Joel Esler iPhone On Mar 17, 2016, at 4:04 PM, Helmut Hullen mailto:hul...@t-online.de>> wrote: Hello, C.D., you wrote on 17.03.16: My only question: Is clamav on virustotal kept up to

Re: [clamav-users] clamscan false positives

2016-03-19 Thread Joel Esler (jesler)
Best thing to do is submit them as false positives on ClamAV.net -- Joel Esler iPhone On Mar 17, 2016, at 6:54 AM, Thomas Stein <himbe...@meine-oma.de> wrote: Hello Clamav users. Last week I started to check a gentoo distfiles directory with clamscan. To my big surpr

[clamav-users] ClamAV® blog: ClamAV Signature Interface maintenance is now complete! New Main.cvd!

2016-03-19 Thread Joel Esler (jesler)
http://blog.clamav.net/2016/03/clamav-signature-interface-maintenance.html ClamAV Signature Interface maintenance is now complete! New Main.cvd! Our ClamAV Signature Interface maintenance is now complete. While we ap

Re: [clamav-users] Is ClamAV Community Threat Tracking System down?

2016-03-19 Thread Joel Esler (jesler)
That's the way it used to be. Used to have openid as a log in option. -- Joel Esler iPhone On Mar 19, 2016, at 10:52 AM, Dennis Peterson <denni...@inetnw.com> wrote: The DNS configuration for www.stats.clamav.net is suspect. I just looked at the squid logs

Re: [clamav-users] Problem with mirrors overnight?

2016-03-19 Thread Joel Esler (jesler)
It's possible they are overloaded. We released a new main.cvd and daily late last night. -- Joel Esler iPhone On Mar 17, 2016, at 8:41 AM, Alex <mysqlstud...@gmail.com> wrote: Hi, Is there currently an issue with the mirrors? I have at least two systems on two different networks that a

Re: [clamav-users] clamav on virus total

2016-03-19 Thread Joel Esler (jesler)
Those are unique. -- Joel Esler iPhone On Mar 17, 2016, at 4:41 PM, C.D. Cochrane <c...@post.com> wrote: Thank you all for the replies. Just wanted to make sure my approach was logical, and VT is a reliable reference point for clamav comparison scanning. "millions of samples" received

Re: [clamav-users] [Community-sigs] ClamAV® blog: ClamAV Signature Interface maintenance is now complete! New Main.cvd!

2016-03-19 Thread Joel Esler (jesler)
y surprises. Cheers, - Rafael Rafael Ferreira Uva Software, LLC | scanii.com<http://scanii.com> <http://scanii.com/> ? 623.252.0441 On Mar 16, 2016, at 8:24 PM, Joel Esler (jesler) <jes...@cisco.com> wrote: http://blog.clamav.net/2016/03/clamav-signature-interface

Re: [clamav-users] Locky Dridex plan

2016-03-25 Thread Joel Esler (jesler)
We've completely rewritten the submission process as a result of feedback from the list. It should be functioning fine now. As far as a "plan" for addressing Dridex. We have a lot of things in the works now that we have a completely new signature system, giving us capabilities that we did no

Re: [clamav-users] Locky Dridex plan

2016-03-25 Thread Joel Esler (jesler)
which this will take place? Does it just mean no support or do you plan to poison pill the database so the engine will no longer function, as has happened in the past. Sent from Janet's iPad -Al- On Mar 25, 2016, at 6:24 PM, "Joel Esler (jesler)" wrote: One step needs to be to

Re: [clamav-users] Locky Dridex plan

2016-03-26 Thread Joel Esler (jesler)
I am guessing my Linux distro will not just seamlessly move on to 0.99 by itself with an "apt-get update". Sent: Friday, March 25, 2016 at 11:00 PM From: "Joel Esler (jesler)" <jes...@cisco.com> To: "ClamAV users ML" mailto:clamav-users@lists.clamav

Re: [clamav-users] Locky Dridex plan

2016-03-26 Thread Joel Esler (jesler)
We even have a list for package maintainers to sign up on, where I notify the maintainers of upcoming releases. Very little traffic. -- Joel Esler iPhone On Mar 26, 2016, at 9:31 PM, Benny Pedersen <m...@junc.eu> wrote: one more reason to use gentoo where i created a github master trun

Re: [clamav-users] Latest samba source contains Win.Trojan.Qhost-106?

2016-03-30 Thread Joel Esler (jesler)
The largest place where ClamAV is deployed is on mail gateways. However ClamAV is deployed everywhere. Desktops, servers, mail gateways, I’ve even heard of people compiling for their Android platform, and of course Windows. -- Joel Esler Manager, Talos Group On Mar 30, 2016, at 4:53 PM, C.

Re: [clamav-users] important message

2016-04-03 Thread Joel Esler (jesler)
May not have been. I just happened to see it, knew it was Crap and removed the user. Kinda standard procedure. If I had to guess, I'm betting pharma spam. I can sandbox it and see next time I'm at my desk. -- Joel Esler iPhone On Apr 3, 2016, at 7:29 PM, Gene Heskett <ghesk...@wdtv.co

[clamav-users] ClamAV® blog: ClamAV Community Signature contest winner for March, 2016

2016-04-06 Thread Joel Esler (jesler)
http://blog.clamav.net/2016/04/clamav-community-signature-contest.html We'd like to congratulate our first winner of the monthly ClamAV Community Signature contest: Samuel Borell! Congratulations! Thank you for your contributions! For more information on how you can get involved in the monthl

Re: [clamav-users] ClamAV - References

2016-04-18 Thread Joel Esler (jesler)
Do they also realize that (and I can guarantee it that) they are using “free open source initiatives” all over their bank? -- Joel Esler Manager, Talos Group On Apr 18, 2016, at 7:33 PM, Paul Kosinski <clamav-us...@iment.com> wrote: "However, as a bank, our security department do no

Re: [clamav-users] ClamAV - References

2016-04-19 Thread Joel Esler (jesler)
On Apr 19, 2016, at 8:15 AM, Leonardo Rodrigues <leolis...@solutti.com.br> wrote: On 18/04/16 12:13, Retailleau, Damien (GE Capital) wrote: Hi ClamAV users, We are, at GEMB France, currently looking for a solution to scan files upload on our partner portal (Java Development). To do

Re: [clamav-users] FP Win.Trojan.Agent-1395367

2016-04-21 Thread Joel Esler (jesler)
Yeah, sorry, I was swamped yesterday and didn’t get to follow up, we obviously dropped them both. -- Joel Esler Manager, Talos Group On Apr 21, 2016, at 4:08 AM, Al Varnell <alvarn...@mac.com> wrote: Looks like the other was dropped, as well in Daily:21500 Dropped Detection Signatur
