search for: virustot

...anything in the mailing list archives, at least since December 2016. In a routine virus scan of a project that includes syslinux, McAfee Virus Scan reported what I strongly suspect to be a false positive in 32-bit syslinux.efi in the syslinux-6.04-pre1.tar.gz distribution. A follow-up search with VirusTotal shows that the same file, as identified by its SHA256, was scanned on 2 March of this year. In that scan, 9 of 59 scan engines flagged various threats, 48 of the remaining 50 engines found no issues, and two abstained due to file type. My own additional scans with ClamAV and COMODO were clean, an...

On Tuesday, 22 November 2016 19:41:10 CET noxdafox wrote: > > yara_load supports loading rules already compiled, which could have a > > namespace set -- I guess it should be reported here as well. > The namespace is accessible via the YR_RULE struct: > https://github.com/VirusTotal/yara/blob/master/libyara/include/yara/types.h#L242 > > Yet is nowere to be found in the C API documentation. > http://yara.readthedocs.io/en/v3.5.0/capi.html#c.YR_RULE > > That's why I kept it out of the scope. I can obviously add it but we're > not sure whether they...

...t;> users. >> Please let me know if / how I can assist. >> Kind regards >> Rob > Hi, > > Does clamav detect anything in this floding e-mail viruses ? My clamav > instalation (with amavisd-new) in centos 5 with the current signatures > detect nothing in compare to virustotal.org antivirus - i noticed that > clamav signatures are lag behind form the top antivir in the market. > > Viruses in ZIP archives goes via my e-mail gateway (amavisd-new+clamavd) > and are stopped finally by F-Secure Client Security. So, clamav is > defend from anything ? > >...

EPEL maintainers? I note messages in the log about updated version 0.99.1 of CLAMAV being available since Mar 5th. for CentOS 6 no update is available yet. I used to use rpmforge for this package but that languished for months before updates became available and eventually stopped altogether. Is there something I can do to assist in getting this package updated? I have no idea if this is a

An exe file that I want to run on linux made for windows comes up as a Trojan on VirusTotal - how would I run it without it affecting my system? Is there any way that I can run this program on my Linux system without possibly getting a virus? Other people have told me that it would affect your wine prefix located normally inside ~/.wine and that any program running inside a wine prefi...

On Thursday 29 October 2015 20:37:03 Ned Slider wrote: > On 29/10/15 10:51, Gary Stainburn wrote: > > On Wednesday 28 October 2015 21:12:19 Ned Slider wrote: > >> On 28/10/15 11:55, Gary Stainburn wrote: > >>> We are receiving LOTS of emails that contain empty XLS or DOC documents > >>> with embedded virus macros. These are getting past SPAMASSASSIN, >

On Wednesday, 9 November 2016 22:38:55 CET Matteo Cafasso wrote: > The internal_yara_scan runs the Yara engine with the previously loaded > rules against the given file. > > For each rule matching against the scanned file, a struct containing > the file name and the rule identifier is returned. > > The gathered list of yara_detection structs is serialised into XDR format

NUT http://www.networkupstools.org/package/windows/NUT-Installer-2.6.5-6.msi listed as trojan: https://www.virustotal.com/en/file/e4c8cd86efe6ca897583ed223c0cc0ef4458581485d23616c37ede3858586245/analysis/1481844790/ It is listed as "probably harmless" so I guess it is a false positive? Nevertheless it is not nice to see. Regards, Lars. -------------- next part -------------- An HTML attachment was sc...

...we run this package to protect our > users. > Please let me know if / how I can assist. > Kind regards > Rob Hi, Does clamav detect anything in this floding e-mail viruses ? My clamav instalation (with amavisd-new) in centos 5 with the current signatures detect nothing in compare to virustotal.org antivirus - i noticed that clamav signatures are lag behind form the top antivir in the market. Viruses in ZIP archives goes via my e-mail gateway (amavisd-new+clamavd) and are stopped finally by F-Secure Client Security. So, clamav is defend from anything ? Sorry for off topic. > __...

...ues/23) I've seen good work but it stopped.. :( I .. wannacry .. :-)) If you setup your mail server to respect servers setup conform RFC, your spam wil drop at least 70%-90% Saving you lots of cpu time. Now i use postfix with its postscreen, clamav with yara rules for antivirus. (https://virustotal.github.io/yara/) And a postfix with postscreen setup, something like this. postscreen_access_list= permit_mynetworks, cidr:/etc/postfix/cidr/postscreen_whitelist_access.cidr, # https://github.com/stevejenkins/hardwarefreak.com-fqrdns.pcre pcre:/etc/postfix/pcre/fqrdns-max.pcre,...

Hi all, Just out of curiosity: is there anything we can do, on the samba side, to counter the recent ransomware attacks? (or limit the damage done) I'm thinking like: limit the number of files per second a client (workstation) is allowed to edit, or some other smart tricks..? It would be nice if samba could be an extra layer of defense. Something perhaps a vfs module could help with..?

...s = [ >> + "name", FString; >> + "rule", FString; > yara_load supports loading rules already compiled, which could have a > namespace set -- I guess it should be reported here as well. The namespace is accessible via the YR_RULE struct: https://github.com/VirusTotal/yara/blob/master/libyara/include/yara/types.h#L242 Yet is nowere to be found in the C API documentation. http://yara.readthedocs.io/en/v3.5.0/capi.html#c.YR_RULE That's why I kept it out of the scope. I can obviously add it but we're not sure whether they will expose it differently in...

...the changes I am seeing and want to make sure it stays working. > If you setup your mail server to respect servers setup conform RFC, your spam wil drop at least 70%-90% > Saving you lots of cpu time. Now i use postfix with its postscreen, clamav with yara rules for antivirus. > (https://virustotal.github.io/yara/) Thank you. I was unaware of this project (yara). I use postscreen on mail systems I administer as well. Mix it with something like amavisd, dspam, and clamav and you can have a very low spam rate (most of it on any system I work with actually comes from an old account I have tha...

...e between words in Risen 26900 GetTabbedTextExtent() returns non-zero value when nCount == 0 27168 chromium-based apps can't load https sites 27694 wine iexplore can't load hotmail.com (gives a blank page) 28946 Steam freezes 29365 Internet Explorer 8 fails to submit a URL to VirusTotal for analysis 29784 Spotify crashes on startup 30745 GOG.com version of Soulbringer crashes on startup (GetModuleHandleExW needs to support GET_MODULE_HANDLE_EX_FLAG_PIN) 32280 32-bit Visual C++ 2010 Express full installer complains "Unknown Error" with Mono (mscoree CLR v4 shim...

Yara is a rule based scanning engine aimed to help malware analysts in finding and classifying interesting samples. https://github.com/VirusTotal/yara This series adds Yara support to Libguestfs allowing to upload sets of rules and scanning files against them. Currently provided APIs: - yara_load: loads a set of rules - yara_destroy: free resources allocated by loaded rules - yara_scan: scans a file with the loaded rules Future APIs...

...gt;> > >> > > Likely. A quick Googling indicates that other programs have been > > "caught" too. > > This link is illuminative: > > http://www.cccp-project.net/forums/index.php?topic=2897.0 > > (I wanted to do the same thing with R, but http://www.virustotal.com has > a 20M cap on the file size.) > > -- > O__ ---- Peter Dalgaard ?ster Farimagsgade 5, Entr.B > c/ /'_ --- Dept. of Biostatistics PO Box 2099, 1014 Cph. K > (*) \(*) -- University of Copenhagen Denmark Ph: (+45) 35327918 > ~~~~~~~~~~ -...