[clamav-users] Submission status
azidouemba at sourcefire.com
Fri May 22 14:06:57 EDT 2015
Signatures covering your samples will be released shortly.
On Fri, May 22, 2015 at 10:16 AM, Fred Wittekind <rom at twister.dyndns.org>
> Have recently run in to a large number of emails getting past my employers
> email filtering, all zip files, with executables inside, and all
> malicious. We've submitted the samples to the ClamAV submission form, and
> to virustotal.com, when first submitted to virustotal, very few engines
> (as little as 2) detected these files.
> It's been a few days now, and ClamAV still doesn't detect our first
> submission. Does it simply take longer, or is something else going on?
> None of the samples look similar to me, aside from the fact of how they are
> transmitted, and they all seem to start sending emails once they infect a
> machine. I would love to know how they are related.
> 2c93921e09438f60974e47747edd9ef1 5crispian.zip
> f120b6aac5beed398c7452dac82d5aa4 Document(25).zip
> 9014b68b0b027ae6a34f087787997630 Docx.zip
> dca1fd285e055431c55c63daf02165b6 Scan.zip
> 446f7e7815a5d4ffceab589eb5868c7ab2b86aa42cb114288d57fa9e0fd3cad3 Docx.zip
> ce8ae7909d82fd8cd5d88a3aa8e3f96ed85e53aabe9739cb9d30a2e72e013e3b Scan.zip
> One of the samples was detected by 3rd party definitions:
> 5crispian.zip: Sanesecurity.Malware.8538.UNOFFICIAL FOUND
> Help us build a comprehensive ClamAV guide:
More information about the clamav-users