[clamav-users] Bad detection rate
Joel Esler (jesler)
jesler at cisco.com
Tue Jun 24 18:14:53 UTC 2014
On Jun 24, 2014, at 11:01 AM, Bowie Bailey <Bowie_Bailey at BUC.com<mailto:Bowie_Bailey at BUC.com>> wrote:
On 6/24/2014 9:53 AM, Walter Bürger wrote:
Hi dear ClamAV team,
I submitted the same file as yesterday to virustotal.com<http://virustotal.com/>:
Rechnung_23_14_06_198630274520031_telekom_deutschland_GmbH.exe
(MD5 ad690be247dda635781e20887fcac0e7)
30 out of 54 scanners detected a virus
(NOD32 named it Win32/Emotet.AA)
but ClamAV did not detect it.
I am just curious why ClamAV still can't detect it.
AFAIK, virustotal only uses the official signatures. Your samples were detected by a Sanesecurity unofficial signature.
Correct.
Steve,
If SaneSecurity wants to push the sig into the official set, you can get in touch with us at any time, which we’ll give you and your team full credit for.
--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Vulnerability Research Team
More information about the clamav-users
mailing list