[clamav-users] several malware samples, clamav doesn't detect

Joel Esler (jesler) jesler at cisco.com
Thu Dec 24 20:23:14 UTC 2015 

Depends on a number of factors.   It may help us if you are looking into a particular threat is to provide us the hash of the file so we can look at it specifically.

That being said, we're out of the office until Jan 4.

--
Joel Esler
Manager, Talos Group
Sent from my iPhone

On Dec 24, 2015, at 3:01 PM, Walter H. <Walter.H at mathemainzel.info<mailto:Walter.H at mathemainzel.info>> wrote:


Yesterday I did a submission of more than 20 malwares by using a browser I'm not used to;

How long does it typically last between the malware submission and its addition to the signatures?

Greetings,
Walter

On 24.12.2015 00:53, Steven Morgan wrote:
I'll check on alternate malware submission mechanisms. I tried the link
that I gave previously and it is working for me.

Steve

On Wed, Dec 23, 2015 at 3:41 PM, Walter H.<Walter.H at mathemainzel.info<mailto:Walter.H at mathemainzel.info>>
wrote:

Hello,

As I'm very new to this antivirus, which I installed just last week on my
proxy server (a CentOS VM with SSL-Interception Squid); I registered to the
list of the database update,
and there I read the following:

e.g.
"Submission-ID: 682839831
Sender: Virus Total
Sender: Anonymous
Added: Win.Adware.Agent-60405"

how does it come that this gets from Virus Total, which I'm using
regularily,
even with the strange E-mails I'm "collecting" (makes my Karma that I'll
receive them *gg*)

I'm having troubles using the link you gave, as it doesn't work with the
browser I'm used to;

Merry Christman and Greetings from a very strange weather here in Austria
(one might think to get t-shirt and shorts instead of pullovers and fur
coats)

Thanks,
Walter



On 23.12.2015 21:17, Steven Morgan wrote:

  Walter,

Please submit your malware samples here (website was changed recently):

http://www.clamav.net/reports/malware.

Thanks,
Steve



On Wed, Dec 23, 2015 at 3:01 PM, Walter H.<Walter.H at mathemainzel.info<mailto:Walter.H at mathemainzel.info>>
wrote:

Hello,
I've got several malware samples - received via E-mail - that ClamAV
doesn't detect
where could I email them - uploading is difficult, because local
antivirus
blocks them - would send by email;

I don't know why, but I receive regularily such malware by E-mail, which
I
forward to my AntiVirus vendor, and I also would do it this way to you;

please tell me to which email address ...

I noticed that the interface, that is mentioned in the "welcome
newsletter
list"-mail doesn't exist (404 error) and with
http://www.clamav.net/reports/malware I've got difficulties to use;

or would there just be an FTP where to upload them easily?

Walter H.



_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

More information about the clamav-users mailing list