Mailing List Archive

Unix.Malware.Kaiji-10003916-0
Multi False Positive reports... Just a heads up.

Cheers,

Steve
Sanesecurity.com
Twitter: @sanesecurity
Re: Unix.Malware.Kaiji-10003916-0 [ In reply to ]
Note that the signature was dropped in daily - 26932 which was released several hours earlier than usual today.

Sent from my iPad
-Al-


On Jun 7, 2023, at 10:43, Steve Basford via clamav-users <clamav-users@lists.clamav.net> wrote:

Multi False Positive reports... Just a heads up.

Cheers,

Steve
Sanesecurity.com
Twitter: @sanesecurity
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: Unix.Malware.Kaiji-10003916-0 [ In reply to ]
On Wed, 7 Jun 2023, Al Varnell via clamav-users wrote:

> Date: Wed, 7 Jun 2023 22:36:52 -0700
> From: Al Varnell via clamav-users <clamav-users@lists.clamav.net>
> To: ClamAV users ML <clamav-users@lists.clamav.net>
> Cc: Al Varnell <alvarnell@gmail.com>
> Subject: Re: [clamav-users] Unix.Malware.Kaiji-10003916-0
>
> Note that the signature was dropped in daily - 26932 which was
> released several hours earlier than usual today.
>

[hubble:root]:(~)# sigtool -l | grep Unix.Malware.Kaiji
Unix.Malware.Kaiji-7789500-0
Unix.Malware.Kaiji-7789501-2
Unix.Malware.Kaiji-7813991-0
Unix.Malware.Kaiji-9760851-0
Unix.Malware.Kaiji-9763185-0
Unix.Malware.Kaiji-9969783-0
Unix.Malware.Kaiji-9992785-0
Unix.Malware.Kaiji-9993888-0
Unix.Malware.Kaiji-10000905-0
Unix.Malware.Kaiji-10002375-0
Unix.Malware.Kaiji-10002376-0
Unix.Malware.Kaiji-10003612-0
Unix.Malware.Kaiji-10003647-0
Unix.Malware.Kaiji-10003670-0
Unix.Malware.Kaiji-10003730-0
Unix.Malware.Kaiji-10003731-0
Unix.Malware.Kaiji-10003738-0
Unix.Malware.Kaiji-10003739-0
Unix.Malware.Kaiji-10003917-0
Unix.Malware.Kaiji-7789499-1
[hubble:root]:(~)# clamdscan -V
ClamAV 0.103.8/26933/Thu Jun 8 09:26:06 2023
[hubble:root]:(~)#

So how does Kaiji-10003917-0 relate to Kaiji-10003916-0? Does
Kaiji-10003916-0 get thrown out, or does it get updated to
Kaiji-10003917-0?


--
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org stock@stokkie.net

Re: Unix.Malware.Kaiji-10003916-0 [ In reply to ]
> So how does Kaiji-10003917-0 relate to Kaiji-10003916-0? Does
> Kaiji-10003916-0 get thrown out, or does it get updated to
> Kaiji-10003917-0?

The way it was explained to me (years ago) is that they are separate signatures, unrelated except in that they are related to Kaiji. If 10003916-0 was updated, it would become 10003916-1.

Maarten

Sent from a tiny keyboard

> On Jun 8, 2023, at 06:37, Robert M. Stockmann via clamav-users <clamav-users@lists.clamav.net> wrote:
>
> On Wed, 7 Jun 2023, Al Varnell via clamav-users wrote:
>
>> Date: Wed, 7 Jun 2023 22:36:52 -0700
>> From: Al Varnell via clamav-users <clamav-users@lists.clamav.net>
>> To: ClamAV users ML <clamav-users@lists.clamav.net>
>> Cc: Al Varnell <alvarnell@gmail.com>
>> Subject: Re: [clamav-users] Unix.Malware.Kaiji-10003916-0
>>
>> Note that the signature was dropped in daily - 26932 which was
>> released several hours earlier than usual today.
>>
>
Re: Unix.Malware.Kaiji-10003916-0 [ In reply to ]
This is correct. Kaiji-10003917-0 would be a separate signature, loosely related to Kaiji-10003916-0. If Kaiji-10003916-0 had been updated, it would be Kaiji-10003916-1.

If it were handwritten, we probably would have done that. In this case, the signature was generated by an automated system, so it was simply thrown out.

-Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

________________________________
From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of Maarten Broekman via clamav-users <clamav-users@lists.clamav.net>
Sent: Thursday, June 8, 2023 4:20 AM
To: ClamAV users ML <clamav-users@lists.clamav.net>
Cc: Maarten Broekman <maarten.broekman@gmail.com>
Subject: Re: [clamav-users] Unix.Malware.Kaiji-10003916-0

> So how does Kaiji-10003917-0 relate to Kaiji-10003916-0? Does
> Kaiji-10003916-0 get thrown out, or does it get updated to
> Kaiji-10003917-0?

The way it was explained to me (years ago) is that they are separate signatures, unrelated except in that they are related to Kaiji. If 10003916-0 was updated, it would become 10003916-1.

Maarten

Sent from a tiny keyboard

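
The naming rule described in the replies above, as an added example (not code from the thread or from the ClamAV project): a shell function that compares two `sigtool -l` listings and reports whether each `<family>-<id>` was dropped, revised to a new suffix, or is new. Both listings and the `Example.Family` names are constructed, and the one-name-per-line format is assumed from the output quoted in the thread.

```shell
#!/bin/sh
# Classify changes between two `sigtool -l` listings (one name per line).
# A name is split on its last hyphen: <family>-<id> is the key and the
# trailing number is the revision, so X-10003916-0 -> X-10003916-1 is a
# revision, while X-10003917-0 is a separate signature.
classify_sigs() {  # usage: classify_sigs BEFORE_LIST AFTER_LIST
    awk '
    function parse(name,    n, p, i) {
        n = split(name, p, "-")
        # Skip names that do not end in -<id>-<revision>.
        if (n < 3 || p[n] !~ /^[0-9]+$/ || p[n-1] !~ /^[0-9]+$/) return 0
        KEY = p[1]
        for (i = 2; i < n; i++) KEY = KEY "-" p[i]
        REV = p[n] + 0
        return 1
    }
    FILENAME == ARGV[1] { if (parse($1)) old[KEY] = REV; next }
    parse($1) {
        seen[KEY] = 1
        if (!(KEY in old)) print "NEW", $1
        else if (old[KEY] != REV) print "REVISED", KEY "-" old[KEY], "->", $1
    }
    END { for (k in old) if (!(k in seen)) print "DROPPED", k "-" old[k] }
    ' "$1" "$2" | sort
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed "before" listing (not taken from a real daily.cvd).
    printf '%s\n' \
        'Unix.Malware.Kaiji-10003916-0' \
        'Unix.Malware.Kaiji-10003917-0' \
        'Example.Family-100-0' > "$dir/before.txt"
    # Constructed "after" listing: 10003916 is gone, Example 100 was revised.
    printf '%s\n' \
        'Unix.Malware.Kaiji-10003917-0' \
        'Example.Family-100-1' \
        'Example.Family-200-0' > "$dir/after.txt"
    classify_sigs "$dir/before.txt" "$dir/after.txt"
    rm -rf "$dir"
}
demo
```

Saving `sigtool -l` output before and after each freshclam update and running the function on the pair shows whether a signature behind a false-positive report was withdrawn or reissued under a new revision.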