[clamav-users] virus samples

Alain Zidouemba azidouemba at sourcefire.com
Sat Aug 8 08:22:09 EDT 2015


What are the MD5s or SHA256s of the 37 files you submitted?
Also, make sure you are using official ClamAV signatures in your set up.

Thanks,

- Alain

On Sat, Aug 8, 2015 at 8:00 AM, sebastian at debianfan.de <
sebastian at debianfan.de> wrote:

> You've got me wrong.
>
> I have early April 2015 transmits this virus - so far nothing has happened.
>
> Should I now submit these again or lasts longer providing the signaturesby
> clamav?
>
> I understand that a virus scanner costs which money faster in delivering
> of signatures is as a volunteer working team.
>
> greeting
>
> Sebastian
>
>
>
>
> Am 08.08.2015 um 13:14 schrieb Al Varnell:
>
>> Then I clearly don’t understand what you are trying to say here.
>>
>> Why would you expect unofficial signature databases that are supplemental
>> to the ones ClamAV uses to be detected by ClamAV as infected?
>>
>> And why would you be surprised that other A-V software would detect
>> signatures that they themselves must be using?
>>
>> -Al-
>>
>> On Sat, Aug 08, 2015 at 03:41 AM, sebastian at debianfan.de wrote:
>>
>>> I submitted the Signatures in March 2015 - when i got the mails - but
>>> nothing happens
>>>
>>> that's why i ask
>>>
>>> Am 08.08.2015 um 11:20 schrieb Al Varnell:
>>>
>>>> Note that none of the signatures you list are official ClamAV
>>>> signatures, which are:
>>>>
>>>> bytecode.cld or .cvd
>>>> daily.cld or .cvd
>>>> main.cld or .cvd
>>>>
>>>> but to answer your question...to Report Malware:
>>>> <http://www.clamav.net/report/report-malware.html>
>>>>
>>>> -Al-
>>>>
>>>> On Sat, Aug 08, 2015 at 02:08 AM, sebastian at debianfan.de wrote:
>>>>
>>>>> Hi @all,
>>>>>
>>>>> i have 37 Files - which are not detected by clamav.
>>>>>
>>>>> All the files are detected by Avira Antivir & Kaspersky - but not by
>>>>> clamav.
>>>>>
>>>>> I am using the following signatures:
>>>>>
>>>>> blurl.ndb
>>>>> bofhland_cracked_URL.ndb
>>>>> bofhland_malware_URL.ndb
>>>>> bofhland_phishing_URL.ndb
>>>>> javascript.ndb
>>>>> junk.ndb
>>>>> jurlbl.ndb
>>>>> mbl.ndb
>>>>> phish.ndb
>>>>> phishtank.ndb
>>>>> porcupine.ndb
>>>>> sanesecurity-blurl.ndb
>>>>> sanesecurity-bofhland_cracked_URL.ndb
>>>>> sanesecurity-bofhland_malware_URL.ndb
>>>>> sanesecurity-bofhland_phishing_URL.ndb
>>>>> sanesecurity-doppelstern.ndb
>>>>> sanesecurity-doppelstern-phishtank.ndb
>>>>> sanesecurity-junk.ndb
>>>>> sanesecurity-jurlbla.ndb
>>>>> sanesecurity-jurlbl.ndb
>>>>> sanesecurity-lott.ndb
>>>>> sanesecurity-phish.ndb
>>>>> sanesecurity-phishtank.ndb
>>>>> sanesecurity-porcupine.ndb
>>>>> sanesecurity-scamnailer.ndb
>>>>> sanesecurity-scam.ndb
>>>>> sanesecurity-spearl.ndb
>>>>> sanesecurity-spear.ndb
>>>>> sanesecurity-winnow_extended_malware_links.ndb
>>>>> sanesecurity-winnow_malware_links.ndb
>>>>> sanesecurity-winnow_phish_complete.ndb
>>>>> sanesecurity-winnow_phish_complete_url.ndb
>>>>> sanesecurity-winnow_spam_complete.ndb
>>>>> scamnailer.ndb
>>>>> scam.ndb
>>>>> spam_marketing.ndb
>>>>> winnow_malware_links.ndb
>>>>>
>>>>>
>>>>> Where can I send the infected files?
>>>>>
>>>>> greeting
>>>>>
>>>>> Sebastian
>>>>>
>>>>>
>>>>> claminfo_sd_ at bauer-bier.de
>>>>> claminfo_sd_ at wingolfbund.de
>>>>>
>>>> _______________________________________________
>>>> Help us build a comprehensive ClamAV guide:
>>>> https://github.com/vrtadmin/clamav-faq
>>>>
>>>> http://www.clamav.net/contact.html#ml
>>>>
>>> _______________________________________________
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>>>
>> -Al-
>>
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>



More information about the clamav-users mailing list