For some reason MS Entourage wasn't able to properly format Jim's message. I was about to respond with the same question, except that I have looked it up.
Osx.Exploit.Iosjailbreak-1 does appear in <http://clamav-du.securesites.net/cgi-bin/clamgrok> and I can locate it in daily.cvd, but it appears to be in the disabled section and a scan of my evasi0n-mac-1.0-3c53ba10e2448d311b0f4157f2d7eb568f106c4f-release.dmg sample with ClamXav does not identify it as infected. So it would seem that both statements are true. There is a modified signature in the database, but it was removed from active use, is that correct? -Al- -- Al Varnell Mountain View, CA On 2/16/13 10:48 AM, "Jim Preston" wrote: > Note: I have combined too messages for clarity On 02/14/2013 09:50 AM, Joel > Esler wrote: > In any case. This signature was dropped a couple days ago, and > beyond that, users can ignore it on their end. > > -- Joel Esler Senior > Research Engineer, VRT Open Source Community Manager On 02/16/2013 05:15 AM, > Joel Esler wrote: > Thanks to you all for your input on this matter. I don't > think we need to continue this thread any further. > > The signature is in > place. If users want to remove the jailbreak from quarantine or whitelist the > signature, they are more than welcome to do so. > > We apologize if this has > caused any inconvenience for anyone. ClamAV runs in all kinds of places, from > the Linux desktop to the mail filter, to the enterprise AV solution. Trying > to anticipate the needs of everyone is impossible, and sometimes we have to > rely on the flexibility and openness of the project. > > We appreciate your > feedback and again, apologize for any inconvenience it has caused. > > -- > > Joel Esler > Sent from my iPhone > > On Feb 16, 2013, at 6:26 AM, Peter > Bonivart<[email protected]> wrote: > [snip] I have to agree we have beat > this enough and now digressed to who is in the majority, "honest" or > "jailbreaking" iphone users. This reply is just to request a clarification on > Joel's statements. They appear to be conflicting in my opinion. To end this > thread, please clarify the signature status, is or is not evasi0n currently > being detected? I am fine with either and using a local solution (whitelist > or .ign). And while I could query the databases to find out, I did want the > answer in the thread. -- Jim Preston _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
