[clamav-users] Submission status

Alain Zidouemba azidouemba at sourcefire.com
Fri May 22 14:06:57 EDT 2015


Fred,

Signatures covering your samples will be released shortly.

Thanks,

- Alain

On Fri, May 22, 2015 at 10:16 AM, Fred Wittekind <rom at twister.dyndns.org>
wrote:

> Have recently run in to a large number of emails getting past my employers
> email filtering, all zip files, with executables inside, and all
> malicious.  We've submitted the samples to the ClamAV submission form, and
> to virustotal.com, when first submitted to virustotal, very few engines
> (as little as 2) detected these files.
>
> It's been a few days now, and ClamAV still doesn't detect our first
> submission.  Does it simply take longer, or is something else going on?
> None of the samples look similar to me, aside from the fact of how they are
> transmitted, and they all seem to start sending emails once they infect a
> machine.  I would love to know how they are related.
>
> md5sum:
> 2c93921e09438f60974e47747edd9ef1  5crispian.zip
> f120b6aac5beed398c7452dac82d5aa4  Document(25).zip
> 9014b68b0b027ae6a34f087787997630  Docx.zip
> dca1fd285e055431c55c63daf02165b6  Scan.zip
>
> sha256sum:
> 059eb5cc0df8e99ffb968bf7ecaae117b4fc7a67f64083ad61650b0f458b08f5
> 5crispian.zip
> acb67bc804a3fa962a630d16ca8be5b08719feb6d7273926ee4e5641b99998a3
> Document(25).zip
> 446f7e7815a5d4ffceab589eb5868c7ab2b86aa42cb114288d57fa9e0fd3cad3 Docx.zip
> ce8ae7909d82fd8cd5d88a3aa8e3f96ed85e53aabe9739cb9d30a2e72e013e3b Scan.zip
>
> One of the samples was detected by 3rd party definitions:
> 5crispian.zip: Sanesecurity.Malware.8538.UNOFFICIAL FOUND
>
> Thanks
> Fred
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>


More information about the clamav-users mailing list