[clamav-users] Eicar test string now returning Win.Trojan.Trojan-605
Al Varnell
alvarnell at mac.com
Thu Mar 17 04:38:07 UTC 2016
Disregard, I found it here after they got the new main.cvd:
<http://clamav-du.securesites.net/cgi-bin/clamgrok?virus=Win.Trojan.Trojan-605&search-type=contains&case-sensitivity=No&database=daily&database=main&display=database&display=virus&display=signature&.submit=Submit&.cgifields=database&.cgifields=search-type&.cgifields=case-sensitivity&.cgifields=display>
I’ll see what I get once my main.cvd finishes.
-Al-
On Wed, Mar 16, 2016 at 09:32 PM, Al Varnell wrote:
>
> I’m still looking, but so far I can’t find any Win.Trojan.Trojan signatures in the ClamAV Official database or listed in clamav-virusdb e-mail list.
>
> Nor can I confirm your results using my own EICAR.
>
> Are you using any Unofficial signatures from a different source?
>
> -Al-
>
> On Wed, Mar 16, 2016 at 09:06 PM, Jason J. W. Williams wrote:
>>
>> Pulled down 21466 (and force restarted clamd) but it's still classifying
>> EICAR as Win.Trojan.Trojan:
>>
>> https://gist.github.com/williamsjj/b8104402e80f44475df5
>>
>> Databases are up to date now:
>> main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder:
>> amishhammer)
>> Empty script daily-21465.cdiff, need to download entire database
>> Downloading daily.cvd [100%]
>> daily.cvd updated (version: 21466, sigs: 83889, f-level: 63, builder:
>> amishhammer)
>> Empty script bytecode-275.cdiff, need to download entire database
>> Downloading bytecode.cvd [100%]
>> bytecode.cvd updated (version: 275, sigs: 45, f-level: 63, builder:
>> amishhammer)
>> Database updated (4302724 signatures) from db.local.clamav.net (IP:
>> 193.1.193.64)
>>
>>
>>
>> On Wed, Mar 16, 2016 at 9:00 PM, Al Varnell <alvarnell at mac.com> wrote:
>>
>>> Those are normal messages for an update of this kind. The 21465.cdiff was
>>> purposely blank in order to force you to download the entire daily.cvd.
>>> Give it plenty of time as the main.cvd is 109MB.
>>>
>>> Technical details:
>>> <http://blog.clamav.net/2016/03/clamav-signature-interface-maintenance.html>
>>>
>>> -Al-
>>>
>>> On Wed, Mar 16, 2016 at 08:56 PM, Jason J. W. Williams wrote:
>>>>
>>>> Thanks. Hopefully it'll sync up soon. I'm getting weird download errors
>>>> out of freshclam:
>>>>
>>>> WARNING: getfile: Error while reading database from db.local.clamav.net
>>>> (IP: 200.236.31.1): Operation now in progress
>>>> WARNING: getpatch: Can't download daily-21465.cdiff from db.local.clamav.net
>>>> nonblock_recv: recv timing out (30 secs)
>>>> WARNING: getfile: Error while reading database from db.local.clamav.net
>>>> (IP: 194.186.47.19): Operation now in progress
>>>> WARNING: getpatch: Can't download daily-21465.cdiff from db.local.clamav.net
>>>> Empty script daily-21465.cdiff, need to download entire database
>>>>
>>>> On Wed, Mar 16, 2016 at 8:54 PM, Al Varnell <alvarnell at mac.com> wrote:
>>>>
>>>>> The new database was just made available, so I recommend you hold off
>>>>> until you have the new main.cvd v57 and daily.cvd v21466 before getting
>>>>> too excited about this.
>>>>>
>>>>> -Al-
>>>>>
>>>>> On Wed, Mar 16, 2016 at 08:49 PM, Jason J. W. Williams wrote:
>>>>>>
>>>>>> As of the latest daily update, running ClamAV against the EICAR test
>>>>>> string reports Win.Trojan.Trojan-605 instead of Eicar-Test-Signature.
>>>>>>
>>>>>> -J