[clamav-users] Identifying jar virus file
Al Varnell
alvarnell at mac.com
Tue Oct 20 15:57:48 UTC 2015
According to this, Sophos should see it as Troj/JavaBz-ZO:
<https://www.virustotal.com/en/file/f97ea502099c1bea8eb36e2f90e94feabf1a79652cd5c0f4384f91f65410aa9f/analysis/> submitted yesterday.
Microsoft detects it as Trojan:Java/Adwind.P
and Kaspersky calls it Trojan.Java.Adwind.af
-Al-
On Tue, Oct 20, 2015 at 06:14 AM, Alex wrote:
>
> On Mon, Oct 19, 2015 at 9:59 PM, Alain Zidouemba
> <azidouemba at sourcefire.com> wrote:
>> Send the sample here: http://www.clamav.net/reports/malware
>>
>> Provide the MD5 or SHA256 of the sample on this mailing list.
>
> afa496ee1ffaba2ba17ddd50f9163bef PaymentInvoice.jar
>
> I'd really appreciate hearing from someone regarding whether this is a
> new virus or there is some other explanation about this file.
>
> Thanks,
> Alex
>
>>
>> Thanks,
>>
>> - Alain
>>
>> On Mon, Oct 19, 2015 at 7:28 PM, Alex <mysqlstudent at gmail.com> wrote:
>>
>>> Hi,
>>> I have a jar file that is apparently identified as a virus by
>>> Microsoft as "Trojan.Java.Adwind.af" but not a virus by either clamav
>>> or sophos. Microsoft apparently first identified this early this year,
>>> so I'm curious why it's not being tagged by clamav or sophos.
>>>
>>> I know I can upload a sample, but I'm more interested in knowing if
>>> Microsoft is identifying this as an FP, or otherwise why clamav and
>>> sophos aren't identifying it.
>>>
>>> Where can I upload a binary file and hopefully ask that someone
>>> investigate it for me?
>>>
>>> Thanks so much,
>>> Alex
>>> _______________________________________________
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>>>
-Al-
--
Al Varnell
Mountain View, CA