Date:      Wed, 24 Jul 2013 06:24:57 +0800
From:      M Rusli <linuxsecuritymrusli@gmail.com>
To:        ports@freebsd.org, gnome@freebsd.org
Subject:   Fwd: clamtk detects setuptools-0.6c11-py2.7.egg Packer.MingwGcc-2 virus
Message-ID:  <CADUSB=z=81K90pH0Jjpfv5_a6wjhmRPrkdXG2E%2BKQi2w=VapFA@mail.gmail.com>
In-Reply-To: <CADUSB=wX1g6Tp9bXf3Hi%2BfTUPCvc8C5iL=6SaupMT6jjhZ6a1A@mail.gmail.com>
References:  <CADUSB=wR-VAkSYwHOXvnhPaT48WEePP8L7coTnbijV320=Y0Pw@mail.gmail.com> <CAPk1mureXe11Ci5aWNyWBQ1BO7yJ9baT=Y0X9XdGAeUkBx9cOA@mail.gmail.com> <CADUSB=wvWnV6AaJmof0ZUHa6s2-ejhgL9vQ8cUDsiPMooSx89w@mail.gmail.com> <51876AB2.50905@sourcefire.com> <CADUSB=xzPYXgrvqaOi1OCQY1mth6RFuDLi-Svw5=MWuPyTaH6w@mail.gmail.com> <5189238D.7020509@sourcefire.com> <CADUSB=wX1g6Tp9bXf3Hi%2BfTUPCvc8C5iL=6SaupMT6jjhZ6a1A@mail.gmail.com>

Hi

Please take note of the issues.

Thank you.



---------- Forwarded message ----------
From: M Rusli <linuxsecuritymrusli@gmail.com>
Date: Wed, May 8, 2013 at 12:54 AM
Subject: Fwd: clamtk detects setuptools-0.6c11-py2.7.egg Packer.MingwGcc-2
virus
To: Dave M <dave.nerd@gmail.com>




---------- Forwarded message ----------
From: Tom Judge <tjudge@sourcefire.com>
Date: Tue, May 7, 2013 at 11:53 PM
Subject: Re: clamtk detects setuptools-0.6c11-py2.7.egg Packer.MingwGcc-2
virus
To: M Rusli <linuxsecuritymrusli@gmail.com>


Rusli,

This signature will be dropped in the next couple of days due to high
alert rate.

Please be aware that all PUA signatures are advisory (Potentially
unwanted application) rather than real alerts for malware. And as such
they may alert on legitimate applications/files that you do want but
others may not.

Tom

On 5/6/13 5:10 PM, M Rusli wrote:
> Okay,
>
> This is from pcbsd 9.1.  If PUA is turned on, clamtk detects it as a virus. If
> it is turned off, it did not.
>
> It's from Python 2.7 site packages.
>
> Attached is the file.
>
> It can be a false alarm with PUA turned on.
>
> By the way Dave,
>
> Please take note from Auscert.
>
>  *ASB-2013.0061 - [UNIX/Linux] ClamAV: Reduced security -
> Unknown/unspecified* <http://www.auscert.com.au/render.html?it=17463> -
> A number of vulnerabilities have been identified in ClamAV prior to
> version 0.97.8. (30/04/2013)
>
> Thanks!
>
>
> On Mon, May 6, 2013 at 4:32 PM, Tom Judge <tjudge@sourcefire.com
> <mailto:tjudge@sourcefire.com>> wrote:
>
> Hi Rusli,
>
> I have sent this information over to the ClamAV detection team, to
> validate that the signature is correct.  Could you please send me a
> copy of the file off list?
>
>
> Thanks
>
> Tom Judge
>
>


