[clamav-users] [Fwd: [sanesecurity] Hacking Team detection]
Bowie Bailey
Bowie_Bailey at BUC.com
Fri Aug 7 13:48:37 UTC 2015
On 8/7/2015 9:20 AM, Gene Heskett wrote:
> On Friday 07 August 2015 04:46:31 Steve Basford wrote:
>
>> Just in case it's useful...
>>
>> ---------------------------- Original Message
>> ---------------------------- Subject: [sanesecurity] Hacking Team
>> detection
>> From: "Steve Basford" <steveb_clamav at sanesecurity.com>
>> Date: Fri, August 7, 2015 9:43 am
>> To: sanesecurity_announce at freelists.org
>> Cc: sanesecurity at freelists.org
>> ----------------------------------------------------------------------
>> ----
>>
>> Rook Security (www.rooksecurity.com) have analysed the recent Hacking
>> Team data dump (400GB) and produced a utility to scan systems for
>> these files.
>>
>> Sanesecurity have converted their analysis into 435 hashes in ClamAV
>> database format.
>>
>> With Rook Security’s permission, I’ve placed a new database:
>>
>> hackingteam.hsb
>>
>> on the mirrors for distribution.
>>
>> Note the hashes are for Windows, Linux and Mac OS X systems.
>>
> Steve:
> Thank you, but for those of us who haven't played with our configuration
> for quite a while as it's been Just Working(TM) for a year or more, a
> pointer to a URL showing how to incorporate this into the working
> configs we have would be appropriate.
If you are already using some of Sanesecurity's signatures, take a look
at the update scripts you are currently using and add hackingteam.hsb to
the list of databases.

If not, take a look here for some scripts you can use to get the databases:
http://sanesecurity.com/usage/linux-scripts/

hackingteam.hsb is probably not in the config for those scripts yet, so
you'll have to add it.
--
Bowie