clamav-users May 2014 archive
clamav-users: Re: [clamav-users] FP-Report: Email.Trojan-417

From: Shaun Hurley <shahurle_at_nospam>
Date: Mon May 19 2014 - 15:06:49 GMT
To: ClamAV users ML <clamav-users@lists.clamav.net>

Glad to hear. Thank you for the follow-up.

Shaun

On Mon, May 19, 2014 at 11:04 AM, Julian Hansmann
<julian.hansmann@1und1.de> wrote:

> Hey,
>
> Now it works as expected. Thank you very much for your help.
>
> Kind regards,
>
> --
>
> Julian Hansmann
>
> 1&1 Mail & Media GmbH
> Mail Application Security
>
> On 15.05.2014 23:03, Shaun Hurley wrote:
> > Julian,
> >
> > Please run freshclam again and scan the file. It should not be
> > alerting anymore.
> >
> > Thanks, Shaun
> >
> >
> > On Thu, May 15, 2014 at 10:07 AM, Shaun Hurley
> > <shahurle@sourcefire.com> wrote:
> >
> >> Julian and Al,
> >>
> >> I thought this signature was removed on Tuesday. I think I
> >> found the problem and should have this resolved later today.
> >>
> >> Please let me know if you have any questions.
> >>
> >> Thank you, Shaun Hurley Cisco Malware Researcher
> >>
> >>
> >> On Thu, May 15, 2014 at 3:40 AM, Al Varnell <alvarnell@mac.com>
> >> wrote:
> >>
> >>>
> >>> On Thu, May 15, 2014 at 12:34 AM, Julian Hansmann wrote:
> >>>>
> >>>>
> >>>> On 15.05.2014 09:11, Al Varnell wrote:
> >>>>> On Thu, May 15, 2014 at 12:04 AM, Julian Hansmann wrote:
> >>>>>> Thank you very much for your responses. I added the
> >>>>>> signature's name to the whitelist, which works flawlessly.
> >>>>>
> >>>>> The signature was removed almost immediately after the
> >>>>> announcement, so you should no longer need the whitelist.
> >>>>
> >>>> Unfortunately I doubt that:
> >>>>
> >>>> $ sudo freshclam
> >>>> ClamAV update process started at Thu May 15 09:31:47 2014
> >>>> main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
> >>>> daily.cld is up to date (version: 18987, sigs: 953271, f-level: 63, builder: neo)
> >>>> bytecode.cvd is up to date (version: 236, sigs: 43, f-level: 63, builder: dgoddard)
> >>>>
> >>>> $ clamscan test.eml
> >>>> test.eml: Email.Trojan-417 FOUND
> >>>>
> >>>> $ clamscan -d ../ignore.ign2 test.eml
> >>>> test.eml: OK
> >>>
> >>> So it is. I could swear I checked Tuesday afternoon and
> >>> couldn’t find it, but it’s there now. Perhaps I was confusing
> >>> it with one of the other two FP’s I’m tracking. One is gone,
> >>> but I’m still waiting on the second one to be modified.
> >>>
> >>>
> >>> -Al- -- Al Varnell Mountain View, CA
> >>>
> >>>
> >>>
> >>>
> >>> _______________________________________________ Help us build a
> >>> comprehensive ClamAV guide:
> >>> https://github.com/vrtadmin/clamav-faq
> >>> http://www.clamav.net/support/ml
> >>>
> >>
> >>