[clamav-users] [Fwd: [sanesecurity] Hacking Team detection]

Bowie Bailey Bowie_Bailey at BUC.com
Fri Aug 7 09:48:37 EDT 2015


On 8/7/2015 9:20 AM, Gene Heskett wrote:
> On Friday 07 August 2015 04:46:31 Steve Basford wrote:
>
>> Just in case it's useful...
>>
>> ---------------------------- Original Message ----------------------------
>> Subject: [sanesecurity] Hacking Team detection
>> From:    "Steve Basford" <steveb_clamav at sanesecurity.com>
>> Date:    Fri, August 7, 2015 9:43 am
>> To:      sanesecurity_announce at freelists.org
>> Cc:      sanesecurity at freelists.org
>> --------------------------------------------------------------------------
>>
>> Rook Security (www.rooksecurity.com) have analysed the recent Hacking
>> Team data dump (400GB) and produced a utility to scan systems for
>> these files.
>>
>> Sanesecurity have converted their analysis into 435 hashes in ClamAV
>> database format.
>>
>> With Rook Security’s permission, I’ve placed a new database:
>>
>> hackingteam.hsb
>>
>> on the mirrors for distribution.
>>
>> Note the hashes are for Windows, Linux and Mac OS X systems.
>>
> Steve:
> Thank you, but for those of us who haven't played with our configuration
> for quite a while as it's been Just Working(TM) for a year or more, a
> pointer to a URL showing how to incorporate this into the working
> configs we have would be appropriate.

If you are already using some of Sanesecurity's signatures, take a look 
at the update scripts you are currently using and add hackingteam.hsb to 
the list of databases.

If not, take a look here for some scripts you can use to get the databases:
http://sanesecurity.com/usage/linux-scripts/

hackingteam.hsb is probably not in the config for those scripts yet, so 
you'll have to add it.

-- 
Bowie
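
A sanity check that could run before a freshly downloaded hackingteam.hsb is placed in the ClamAV database directory, as an added example that is not part of this message or of the Sanesecurity scripts. It assumes ClamAV's hash-signature line format `HashString:FileSize:MalwareName[:MinFL]` with SHA1 or SHA256 hashes; the function names, sample signatures and temporary paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a downloaded .hsb file, then install it atomically.
# Assumed line format: HashString:FileSize:MalwareName[:MinFL]
# (SHA1 = 40 hex digits, SHA256 = 64; FileSize is a number or '*').

# check_hsb FILE: print the signature count; fail on a malformed line or empty file.
check_hsb() {
    awk -F: '
        /^[ \t\r]*$/ { next }                       # ignore blank lines
        {
            n = length($1)
            ok = (NF == 3 || NF == 4) && (n == 40 || n == 64) &&
                 $1 ~ /^[0-9A-Fa-f]+$/ && ($2 == "*" || $2 ~ /^[0-9]+$/) && $3 != ""
            if (NF == 4 && $4 !~ /^[0-9]+$/) ok = 0  # optional minimum flevel
            if (!ok) { print "malformed signature at line " NR > "/dev/stderr"; bad = 1; exit }
            count++
        }
        END { if (bad || count == 0) exit 1; print count }
    ' "$1"
}

# install_hsb FILE DBDIR: validate, then copy via a temp file and rename into place
# so the scanner never loads a half-written database.
install_hsb() {
    src=$1; dbdir=$2; name=$(basename "$src")
    n=$(check_hsb "$src") || return 1
    tmp=$(mktemp "$dbdir/.hsb.XXXXXX") || return 1
    if cp "$src" "$tmp" && chmod 644 "$tmp" && mv "$tmp" "$dbdir/$name"; then
        echo "installed $name: $n signatures"
    else
        rm -f "$tmp"; return 1
    fi
}

# Demo on constructed signatures (not real entries from hackingteam.hsb).
hsb_demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/db"
    cat > "$d/hackingteam.hsb" <<'EOF'
0123456789abcdef0123456789abcdef01234567:1024:Constructed.Sample.A
0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:*:Constructed.Sample.B:73
EOF
    install_hsb "$d/hackingteam.hsb" "$d/db"; rc=$?
    rm -rf "$d"; return $rc
}

hsb_demo
```

An update script would call `install_hsb` on the file it fetched, passing the directory ClamAV loads its databases from as the second argument.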