[clamav-users] Identifying jar virus file
Rajesh M
24x7server at 24x7server.net
Sun Oct 25 15:31:50 UTC 2015
----- Original Message -----
From: Shaun Hurley [mailto:shahurle at sourcefire.com]
To: clamav-users at lists.clamav.net
Sent: Wed, 21 Oct 2015 07:29:57 -0400
Subject: Re: [clamav-users] Identifying jar virus file
Al,
This is not a false positive.
The file is malicious. I am working on making detection signatures for the
malware.
Thanks,
Shaun Hurley
On Tue, Oct 20, 2015 at 9:00 PM, Alex <mysqlstudent at gmail.com> wrote:
> Hi,
>
>
> On Tue, Oct 20, 2015 at 11:57 AM, Al Varnell <alvarnell at mac.com> wrote:
> > According to this, Sophos should see it as Troj/JavaBz-ZO:
> > <https://www.virustotal.com/en/file/f97ea502099c1bea8eb36e2f90e94feabf1a79652cd5c0f4384f91f65410aa9f/analysis/>
> > submitted yesterday.
> >
> > Microsoft detects it as Trojan:Java/Adwind.P
> > and Kaspersky calls it Trojan.Java.Adwind.af
>
> Yes, I just submitted it to them and now they have it in their signatures.
>
> I'm just very surprised to see this virus wasn't already being
> detected by both clamav and sophos. It wasn't until the customer
> alerted me that their desktop scanner had caught it that we were made
> aware :-(
>
> Thanks,
> Alex
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
Hi,
As of today it is very difficult for clam to detect viruses. If you are running an email service it is better to disallow all jar files using the Sane Security foxhole database. Please see my previous post for the Sane Security foxhole_all.cdb to block all such possible virus carrier extensions.
Rajesh