clamav-users May 2014 archive

Re: [clamav-users] FP-Report: Email.Trojan-417

From: Julian Hansmann <julian.hansmann_at_nospam>
Date: Mon May 19 2014 - 15:04:00 GMT
To: ClamAV users ML <clamav-users@lists.clamav.net>

Hey,

Now it works as expected. Thank you very much for your help.

Kind regards,

-- 

Julian Hansmann

1&1 Mail & Media GmbH
Mail Application Security

On 15.05.2014 23:03, Shaun Hurley wrote:
> Julian,
>
> Please run freshclam again and scan the file. It should not be
> alerting anymore.
>
> Thanks,
> Shaun
>
>
> On Thu, May 15, 2014 at 10:07 AM, Shaun Hurley
> <shahurle@sourcefire.com> wrote:
>
>> Julian and Al,
>>
>> I thought this signature was removed on Tuesday. I think I
>> found the problem and should have this resolved later today.
>>
>> Please let me know if you have any questions.
>>
>> Thank you,
>> Shaun Hurley
>> Cisco Malware Researcher
>>
>>
>> On Thu, May 15, 2014 at 3:40 AM, Al Varnell <alvarnell@mac.com>
>> wrote:
>>
>>>
>>> On Thu, May 15, 2014 at 12:34 AM, Julian Hansmann wrote:
>>>>
>>>>
>>>> On 15.05.2014 09:11, Al Varnell wrote:
>>>>> On Thu, May 15, 2014 at 12:04 AM, Julian Hansmann wrote:
>>>>>> Thank you very much for your responses. I added the
>>>>>> signature's name to the whitelist, which works flawlessly.
>>>>>
>>>>> The signature was removed almost immediately after the
>>>>> announcement, so you should no longer need the whitelist.
>>>>
>>>> Unfortunately I doubt that:
>>>>
>>>> $ sudo freshclam
>>>> ClamAV update process started at Thu May 15 09:31:47 2014
>>>> main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
>>>> daily.cld is up to date (version: 18987, sigs: 953271, f-level: 63, builder: neo)
>>>> bytecode.cvd is up to date (version: 236, sigs: 43, f-level: 63, builder: dgoddard)
>>>>
>>>> $ clamscan test.eml
>>>> test.eml: Email.Trojan-417 FOUND
>>>>
>>>> $ clamscan -d ../ignore.ign2 test.eml
>>>> test.eml: OK
>>>
>>> So it is. I could swear I checked Tuesday afternoon and
>>> couldn’t find it, but it’s there now. Perhaps I was confusing
>>> it with one of the other two FP’s I’m tracking. One is gone,
>>> but I’m still waiting on the second one to be modified.
>>>
>>>
>>> -Al-
>>> -- 
>>> Al Varnell
>>> Mountain View, CA
>>>
>>>
>>>
>>>
>>> _______________________________________________ Help us build a
>>> comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>> http://www.clamav.net/support/ml
>>>
>>
>>