[clamav-users] basic malware missed???

Al Varnell alvarnell at mac.com
Tue Mar 24 21:14:00 EDT 2015


For some reason I did not receive the OP’s e-mail.

ClamAV® signature writers are reliant on samples submitted from a variety of sources, including users.  You can submit such things directly to them at “Report Malware” <http://www.clamav.net/report/report-malware.html> or indirectly through VirusTotal <http://www.virustotal.com/> where you can check to see if any of fifty or so scanners have identified it yet.  For the most part, I find these signature writers to be overworked and probably underpaid.  They work many hours trying to keep up and I doubt they have any time at all to go out and research new threats on their own.

Cisco/ClamAV® has a signature submission system in place to speed the process of developing, testing and publishing what you are looking for, and Dennis has provided you with some great information on how to help out, if you have the time.

-Al-

On Tue, Mar 24, 2015 at 03:04PM, Dennis Peterson wrote:
> 
> The string you are looking for is not necessarily the only one you should be looking for for that exploit. More information here:
> 
> http://somewebgeek.com/2014/wordpress-remote-code-execution-base64_decode/
> 
> Steve at SaneSecurity has a nice document on creating your own signatures here:
> 
> http://sanesecurity.com/support/documentation/
> 
> On 3/24/15 2:40 PM, Steve Holdoway wrote:
>> Hi folks,
>> 
>> I'm in the process of cleaning up an infected wordpress website and am
>> finding a number of files that contain
>> 
>> 
> dp



More information about the clamav-users mailing list