[clamav-users] Unix.Trojan.ElkKnot FOUND
Al Varnell
alvarnell at mac.com
Fri Jun 6 18:31:49 UTC 2014
Yes, I see them. Thanks.
-Al-
On Fri, Jun 06, 2014 at 09:24 AM, Alain Zidouemba wrote:
>
> They should be in daily.cvd 19065.
>
> - Alain
>
>
> On Thu, Jun 5, 2014 at 9:37 PM, Al Varnell <alvarnell at mac.com> wrote:
>
>> Alain,
>>
>> Just following up since it’s been a couple of weeks now.
>>
>> I haven't seen a new replacement signature yet. Nothing new for “Unix.” or
>> “Elk”. Did I overlook something?
>>
>> -Al-
>>
>> On Wed, May 21, 2014 at 04:01 PM, Alain Zidouemba wrote:
>>>
>>> The new signature will be out in the next few releases.
>>>
>>> If you could, please provide the md5s or sha256s of the samples that
>>> alerted.
>>>
>>> Thanks,
>>>
>>> - Alain
>>>
>>> On Wednesday, May 21, 2014, DUCARROZ Birgit <birgit.ducarroz at unifr.ch>
>>> wrote:
>>>
>>>> Thank you a lot! When will it be replaced?
>>>> I had 317 "infected" files and now I don't know if they are false
>>>> positives or not.
>>>> Curiously chkrootkit gave me this:
>>>>
>>>> < You have 1 process hidden for readdir command
>>>>
>>>> < You have 1 process hidden for ps command
>>>>
>>>> < chkproc: Warning: Possible LKM Trojan installed
>>>>
>>>> but this message disappeared also one or two days later.
>>>> Since most of the "infected" files are old, I wonder if they might
>>>> have been infected afterwards...
>>>>
>>>> - Birgit
>>>>
>>>>
>>>> On 21. 05. 14 22:09 , Alain Zidouemba wrote:
>>>>
>>>>> It was dropped for performance reasons. We found it to be generating some
>>>>> false positives, such as the one you likely had. The signature
>>>>> Unix.Trojan.ElkKnot will be replaced with a better performing one.
>>>>>
>>>>> - Alain
>>>>>
>>>>>
>>>>> On Wed, May 21, 2014 at 4:07 PM, DUCARROZ Birgit
>>>>> <birgit.ducarroz at unifr.ch> wrote:
>>>>>
>>>>>> Why has it been dropped? Should I believe now that I have this trojan or
>>>>>> not?
>>>>>>
>>>>>>
>>>>>> On 21. 05. 14 14:31 , Alain Zidouemba wrote:
>>>>>>
>>>>>>> The signature "Unix.Trojan.ElkKnot" has been dropped from our signature set
>>>>>>> a few releases ago.
>>>>>>>
>>>>>>> - Alain
>>>>>>>
>>>>>>>
>>>>>>> On Wed, May 21, 2014 at 5:46 AM, DUCARROZ Birgit
>>>>>>> <birgit.ducarroz at unifr.ch> wrote:
>>>>>>>
>>>>>>>> Sorry, I forgot to note my question:
>>>>>>>
>>>>>>>> Does somebody know what this might be?
>>>>>>>> When I am scanning now the same files, this message does not appear
>>>>>>>> again.
>>>>>>>> Actual version: ClamAV 0.97.8/19011/Wed May 21 09:48:13 2014
>>>>>>>>
>>>>>>>>
>>>>>>>> On 21. 05. 14 11:41 , DUCARROZ Birgit wrote:
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> as of 05/13/2014 I had suddenly a lot of older files with notification
>>>>>>>>>
>>>>>>>>> Unix.Trojan.ElkKnot FOUND