[clamav-users] Bad detection rate

Walter Bürger walter.buerger at arscons.de
Mon Jun 23 18:16:21 UTC 2014


Steve Basford wrote:
> On Mon, June 23, 2014 4:47 pm, Walter Bürger wrote:
>> This morning I submitted the file
>> Rechnung_23_14_06_198630274520031_telekom_deutschland_GmbH.exe
>> (MD5 ad690be247dda635781e20887fcac0e7)
>> on virustotal.com.
>>
>> 4 out of 54 scanners detected a virus
>> (NOD32 named it Win32/Kryptik.CFAE)
>> but ClamAV did not detect it.
> 
> Hi Walter,
> 
> This was added to phish.ndb:
> 
> Sanesecurity.Malware.23787.ZipHeur
> 
> Added: 23 Jun 2014 09:32:40 UT
> 
> Cheers,
> 
> Steve
> Sanesecurity.com

Thank you Steve,

I have been using the Sanesecurity signatures for a long time,
but at the time I wrote my post to the list, I ran clamdscan
only on the exe file. If I run clamdscan on both the zip and the exe
file, the malware in the zip file is detected:

clamdscan /tmp/bann/*
/tmp/bann/2014_06rechnung_12553625576148_sign.zip: Sanesecurity.Malware.23787.ZipHeur.UNOFFICIAL FOUND

/tmp/bann/Rechnung_23_14_06_198630274520031_telekom_deutschland_GmbH.exe: OK

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.137 sec (0 m 0 s)


Best regards,
Walter.
