clamav-users May 2014 archive
Main Archive Page > Month Archives  > clamav-users archives
clamav-users: Re: [clamav-users] FP-Report: Email.Trojan-417

Re: [clamav-users] FP-Report: Email.Trojan-417

From: Shaun Hurley <shahurle_at_nospam>
Date: Thu May 15 2014 - 14:07:54 GMT
To: ClamAV users ML <clamav-users@lists.clamav.net>

Julian and Al,

I thought this was signature was removed on Tuesday. I think I found the
problem and should have this resolved later today.

Please let me know if you have any questions.

Thank you,
Shaun Hurley
Cisco Malware Reseearcher

On Thu, May 15, 2014 at 3:40 AM, Al Varnell <alvarnell@mac.com> wrote:

>
> On Thu, May 15, 2014 at 12:34 AM, Julian Hansmann wrote:
> >
> >
> > Am 15.05.2014 09:11, schrieb Al Varnell:
> >> On Thu, May 15, 2014 at 12:04 AM, Julian Hansmann wrote:
> >>> thank your very much for your responses. I added the signatures
> >>> name to the whitelist which works flawless.
> >>
> >> The signature was removed almost immediately after the
> >> announcement, so you should no longer need the whitelist.
> >
> > Unfortunately I doubt that:
> >
> > $ sudo freshclam
> > ClamAV update process started at Thu May 15 09:31:47 2014
> > main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60,
> > builder: neo)
> > daily.cld is up to date (version: 18987, sigs: 953271, f-level: 63,
> > builder: neo)
> > bytecode.cvd is up to date (version: 236, sigs: 43, f-level: 63,
> > builder: dgoddard)
> >
> > $ clamscan test.eml
> > test.eml: Email.Trojan-417 FOUND
> >
> > $ clamscan -d ../ignore.ign2 test.eml
> > test.eml: OK
>
> So it is. I could swear I checked Tuesday afternoon and couldn’t find it,
> but it’s there now. Perhaps I was confusing it with one of the other two
> FP’s I’m tracking. One is gone, but I’m still waiting on the second one to
> be modified.
>
>
> -Al-
> --
> Al Varnell
> Mountain View, CA
>
>
>
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml
>
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml