[clamav-users] Bad detection rate
Dennis Peterson
dennispe at inetnw.com
Wed Jun 25 02:44:36 UTC 2014
Why wouldn't ClamAV be interested in creating this signature as part of their
own distribution? It's a virus, it's what you do, no?
dp
On 6/24/14, 11:14 AM, Joel Esler (jesler) wrote:
> On Jun 24, 2014, at 11:01 AM, Bowie Bailey <Bowie_Bailey at BUC.com<mailto:Bowie_Bailey at BUC.com>> wrote:
> On 6/24/2014 9:53 AM, Walter Bürger wrote:
> Hi dear ClamAV team,
>
> I submitted the same file as yesterday to virustotal.com<http://virustotal.com/>:
>
> Rechnung_23_14_06_198630274520031_telekom_deutschland_GmbH.exe
> (MD5 ad690be247dda635781e20887fcac0e7)
>
> 30 out of 54 scanners detected a virus
> (NOD32 named it Win32/Emotet.AA)
> but ClamAV did not detect it.
>
> I am just curious why ClamAV still can't detect it.
>
> AFAIK, virustotal only uses the official signatures. Your samples were detected by a Sanesecurity unofficial signature.
>
> Correct.
>
> Steve,
>
> If SaneSecurity wants to push the sig into the official set, you can get in touch with us at any time, which we’ll give you and your team full credit for.
>
> --
> Joel Esler
> Open Source Manager
> Threat Intelligence Team Lead
> Vulnerability Research Team
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml
More information about the clamav-users
mailing list