Displaying 16 results from an estimated 16 matches for "virustotal".
2017 Aug 18
1
Virus scan - false positive for 32-bit syslinux.efi in syslinux 6.04-pre?
...anything in the mailing list archives, at least since December 2016.
In a routine virus scan of a project that includes syslinux, McAfee Virus Scan reported what I strongly suspect to be a false positive in 32-bit syslinux.efi in the syslinux-6.04-pre1.tar.gz distribution. A follow-up search with VirusTotal shows that the same file, as identified by its SHA256, was scanned on 2 March of this year. In that scan, 9 of 59 scan engines flagged various threats, 48 of the remaining 50 engines found no issues, and two abstained due to file type. My own additional scans with ClamAV and COMODO were clean, and...
2016 Nov 24
1
Re: [PATCH v2 4/6] New API: internal_yara_scan
On Tuesday, 22 November 2016 19:41:10 CET noxdafox wrote:
> > yara_load supports loading rules already compiled, which could have a
> > namespace set -- I guess it should be reported here as well.
> The namespace is accessible via the YR_RULE struct:
> https://github.com/VirusTotal/yara/blob/master/libyara/include/yara/types.h#L242
>
> Yet is nowhere to be found in the C API documentation.
> http://yara.readthedocs.io/en/v3.5.0/capi.html#c.YR_RULE
>
> That's why I kept it out of the scope. I can obviously add it but we're
> not sure whether they wi...
2016 Apr 04
1
EPEL - Clamav update?
...>> users.
>> Please let me know if / how I can assist.
>> Kind regards
>> Rob
> Hi,
>
> Does clamav detect anything in this flooding e-mail viruses ? My clamav
> installation (with amavisd-new) in centos 5 with the current signatures
> detect nothing in compare to virustotal.org antivirus - i noticed that
> clamav signatures are lag behind from the top antivir in the market.
>
> Viruses in ZIP archives goes via my e-mail gateway (amavisd-new+clamavd)
> and are stopped finally by F-Secure Client Security. So, clamav is
> defend from anything ?
>
> S...
2016 Apr 03
3
EPEL - Clamav update?
EPEL maintainers?
I note messages in the log about updated version 0.99.1 of CLAMAV being
available since Mar 5th.
for CentOS 6 no update is available yet.
I used to use rpmforge for this package but that languished for months
before updates became available and eventually stopped altogether.
Is there something I can do to assist in getting this package updated?
I have no idea if this is a
2012 Jan 23
5
Help with Wine and running exe w/ possible malware?
An exe file that I want to run on linux made for windows comes up as a Trojan on VirusTotal - how would I run it without it affecting my system?
Is there any way that I can run this program on my Linux system without possibly getting a virus?
Other people have told me that it would affect your wine prefix located normally inside ~/.wine and that any program running inside a wine prefix...
2015 Oct 30
1
Detecting empty office doc containing virus macro
On Thursday 29 October 2015 20:37:03 Ned Slider wrote:
> On 29/10/15 10:51, Gary Stainburn wrote:
> > On Wednesday 28 October 2015 21:12:19 Ned Slider wrote:
> >> On 28/10/15 11:55, Gary Stainburn wrote:
> >>> We are receiving LOTS of emails that contain empty XLS or DOC documents
> >>> with embedded virus macros. These are getting past SPAMASSASSIN,
>
2016 Nov 22
2
Re: [PATCH v2 4/6] New API: internal_yara_scan
On Wednesday, 9 November 2016 22:38:55 CET Matteo Cafasso wrote:
> The internal_yara_scan runs the Yara engine with the previously loaded
> rules against the given file.
>
> For each rule matching against the scanned file, a struct containing
> the file name and the rule identifier is returned.
>
> The gathered list of yara_detection structs is serialised into XDR format
2016 Dec 15
0
Listed as Trojan
NUT http://www.networkupstools.org/package/windows/NUT-Installer-2.6.5-6.msi
listed
as trojan:
https://www.virustotal.com/en/file/e4c8cd86efe6ca897583ed223c0cc0ef4458581485d23616c37ede3858586245/analysis/1481844790/
It is listed as "probably harmless" so I guess it is a false positive?
Nevertheless it is not nice to see.
Regards, Lars.
2016 Apr 03
0
EPEL - Clamav update?
...we run this package to protect our
> users.
> Please let me know if / how I can assist.
> Kind regards
> Rob
Hi,
Does clamav detect anything in this flooding e-mail viruses ? My clamav
installation (with amavisd-new) in centos 5 with the current signatures
detect nothing in compare to virustotal.org antivirus - i noticed that
clamav signatures are lag behind from the top antivir in the market.
Viruses in ZIP archives goes via my e-mail gateway (amavisd-new+clamavd)
and are stopped finally by F-Secure Client Security. So, clamav is
defend from anything ?
Sorry for off topic.
> ____...
2017 Jun 28
0
ransomware etc
...ues/23)
I've seen good work but it stopped.. :(
I .. wannacry .. :-))
If you setup your mail server to respect servers setup conform RFC, your spam will drop at least 70%-90%
Saving you lots of cpu time. Now I use postfix with its postscreen, clamav with yara rules for antivirus.
(https://virustotal.github.io/yara/)
And a postfix with postscreen setup, something like this.
postscreen_access_list=
permit_mynetworks,
cidr:/etc/postfix/cidr/postscreen_whitelist_access.cidr,
# https://github.com/stevejenkins/hardwarefreak.com-fqrdns.pcre
pcre:/etc/postfix/pcre/fqrdns-max.pcre,...
2017 Jun 28
10
ransomware etc
Hi all,
Just out of curiosity: is there anything we can do, on the samba side,
to counter the recent ransomware attacks? (or limit the damage done)
I'm thinking like: limit the number of files per second a client
(workstation) is allowed to edit, or some other smart tricks..?
It would be nice if samba could be an extra layer of defense.
Something perhaps a vfs module could help with..?
2016 Nov 22
0
Re: [PATCH v2 4/6] New API: internal_yara_scan
...s = [
>> + "name", FString;
>> + "rule", FString;
> yara_load supports loading rules already compiled, which could have a
> namespace set -- I guess it should be reported here as well.
The namespace is accessible via the YR_RULE struct:
https://github.com/VirusTotal/yara/blob/master/libyara/include/yara/types.h#L242
Yet is nowhere to be found in the C API documentation.
http://yara.readthedocs.io/en/v3.5.0/capi.html#c.YR_RULE
That's why I kept it out of the scope. I can obviously add it but we're
not sure whether they will expose it differently in fu...
2017 Jun 29
1
ransomware etc (referencing in part Samba-virusfilter)
...the changes I
am seeing and want to make sure it stays working.
> If you setup your mail server to respect servers setup conform RFC, your spam will drop at least 70%-90%
> Saving you lots of cpu time. Now I use postfix with its postscreen, clamav with yara rules for antivirus.
> (https://virustotal.github.io/yara/)
Thank you. I was unaware of this project (yara). I use postscreen on
mail systems I administer as well. Mix it with something like amavisd,
dspam, and clamav and you can have a very low spam rate (most of it on
any system I work with actually comes from an old account I have that...
2013 Oct 25
0
Wine release 1.7.5
...e between words in Risen
26900 GetTabbedTextExtent() returns non-zero value when nCount == 0
27168 chromium-based apps can't load https sites
27694 wine iexplore can't load hotmail.com (gives a blank page)
28946 Steam freezes
29365 Internet Explorer 8 fails to submit a URL to VirusTotal for analysis
29784 Spotify crashes on startup
30745 GOG.com version of Soulbringer crashes on startup (GetModuleHandleExW needs to support GET_MODULE_HANDLE_EX_FLAG_PIN)
32280 32-bit Visual C++ 2010 Express full installer complains "Unknown Error" with Mono (mscoree CLR v4 shim n...
2016 Nov 02
8
[PATCH 0/6] Feature: Yara file scanning
Yara is a rule based scanning engine aimed to help malware analysts in finding and classifying interesting samples.
https://github.com/VirusTotal/yara
This series adds Yara support to Libguestfs allowing to upload sets of rules and scanning files against them.
Currently provided APIs:
- yara_load: loads a set of rules
- yara_destroy: free resources allocated by loaded rules
- yara_scan: scans a file with the loaded rules
Future APIs:...
2008 Oct 15
0
R-help Digest, Vol 67, Issue 31
...>>
> >>
> > Likely. A quick Googling indicates that other programs have been
> > "caught" too.
> > This link is illuminative:
> > http://www.cccp-project.net/forums/index.php?topic=2897.0
>
> (I wanted to do the same thing with R, but http://www.virustotal.com has
> a 20M cap on the file size.)
>
> --
> O__ ---- Peter Dalgaard Øster Farimagsgade 5, Entr.B
> c/ /'_ --- Dept. of Biostatistics PO Box 2099, 1014 Cph. K
> (*) \(*) -- University of Copenhagen Denmark Ph: (+45) 35327918
> ~~~~~~~~~~ - (p...