[clamav-users] FP-Report: Email.Trojan-417

[Julian Hansmann]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey,

Now it works as expected. Thank you very much für your help.

Kind regards,

- -- 

Julian Hansmann

1&1 Mail & Media GmbH
Mail Application Security

Am 15.05.2014 23:03, schrieb Shaun Hurley:
> Julian,
> 
> Please run freshclam again and scan the file. It should not be
> alerting anymore.
> 
> Thanks, Shaun
> 
> 
> On Thu, May 15, 2014 at 10:07 AM, Shaun Hurley
> <shahurle at sourcefire.com>wrote:
> 
>> Julian and Al,
>> 
>> I thought this was signature was removed on Tuesday. I think I
>> found the problem and should have this resolved later today.
>> 
>> Please let me know if you have any questions.
>> 
>> Thank you, Shaun Hurley Cisco Malware Reseearcher
>> 
>> 
>> On Thu, May 15, 2014 at 3:40 AM, Al Varnell <alvarnell at mac.com>
>> wrote:
>> 
>>> 
>>> On Thu, May 15, 2014 at 12:34 AM, Julian Hansmann wrote:
>>>> 
>>>> 
>>>> Am 15.05.2014 09:11, schrieb Al Varnell:
>>>>> On Thu, May 15, 2014 at 12:04 AM, Julian Hansmann wrote:
>>>>>> thank your very much for your responses. I added the
>>>>>> signatures name to the whitelist which works flawless.
>>>>> 
>>>>> The signature was removed almost immediately after the 
>>>>> announcement, so you should no longer need the whitelist.
>>>> 
>>>> Unfortunately I doubt that:
>>>> 
>>>> $ sudo freshclam ClamAV update process started at Thu May 15
>>>> 09:31:47 2014 main.cvd is up to date (version: 55, sigs:
>>>> 2424225, f-level: 60, builder: neo) daily.cld is up to date
>>>> (version: 18987, sigs: 953271, f-level: 63, builder: neo) 
>>>> bytecode.cvd is up to date (version: 236, sigs: 43, f-level:
>>>> 63, builder: dgoddard)
>>>> 
>>>> $ clamscan test.eml test.eml: Email.Trojan-417 FOUND
>>>> 
>>>> $ clamscan -d ../ignore.ign2 test.eml test.eml: OK
>>> 
>>> So it is.  I could swear I checked Tuesday afternoon and
>>> couldn’t find it, but it’s there now.  Perhaps I was confusing
>>> it with one of the other two FP’s I’m tracking.  One is gone,
>>> but I’m still waiting on the second one to be modified.
>>> 
>>> 
>>> -Al- -- Al Varnell Mountain View, CA
>>> 
>>> 
>>> 
>>> 
>>> _______________________________________________ Help us build a
>>> comprehensive ClamAV guide: 
>>> https://github.com/vrtadmin/clamav-faq 
>>> http://www.clamav.net/support/ml
>>> 
>> 
>> 
> _______________________________________________ Help us build a
> comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq 
> http://www.clamav.net/support/ml
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Icedove - http://www.enigmail.net/

iQEcBAEBAgAGBQJTeh1gAAoJEHVYMAtA/pVm7GYH/Aq12NKrHrZWEVBpMZdbA8yD
o+CqV2KP5O5tpROZJXmjNHRQC2pf6Apyl1f/gLz4zpuOWOLxdQQRTzzrxWDzWmTB
kmbu3bbOL7ntWCXYf+g9vkQPPIRLknnkZ08QHznbkWNglVp7N3eQIO3oKuzsSi1i
jOHSpiFOG2yyoygv0GXZH43wE4bH4gWh2YfjS1ptTC79zrohGRLHEqX5WBk911Rr
eSv/C/xLSRzAV5fvBgrfaoDKZvfMxNDRn6e6hTlt6jGD/MCvqKyeQz9Wm2yB1nZj
bE6FxZD0j/23ClTZn9U7I2URbiRhXhgDTluYdEvfQtVeHU62+iGHL9P+VPFSWak=
=in/p
-----END PGP SIGNATURE-----