[clamav-users] Submission Status

Crap crap at the-tiddler.co.uk
Sun Feb 7 00:05:19 UTC 2016


> I'm cleaning a server
> that got badly infected,

I know this doesn't answer the OP, but destroy the server and treat all data as compromised. 
Rebuild for a fresh trusted base and attempt to clean the data away from the original server.

-- ant

> On 6 Feb 2016, at 23:41, Jesse Nicholson <ascensionsystems at gmail.com> wrote:
> 
> Where/how can I check on the status of a submission? I'm cleaning a server
> that got badly infected, and while doing so discovered what I believe to be
> a PHP exploit that maldet and clamav don't have definitions for. Virustotal
> also has 0 hits on it. However, I'm sure it's malicious because the main
> function block is double base 64 encoded, everything else that interacts
> with it is salted and random. Decoding the main function block, there
> appear to be functions to compress local files and xfer them to unknown
> locations.
> 
> Anyway I've successfully created a definition for it, have nearly 300 hits
> and am curious about following up after I've submitted one sample via the
> website. Never done anything like this before, so looking for
> guidance/advice.
> 
> -- 
> Jesse Nicholson