[clamav-users] javascript ZIP virus not caught?
Scott Galambos
scottg at particlesoftware.com
Tue Mar 15 04:08:46 UTC 2016
Scanning these ZIP/.js viruses has a hit rate of about 35%. 35% of all
antivirus packages will say they are viruses. For example running one
through https://www.virustotal.com will say out of about 53 antivirus
programs, 16 flag it as a virus.
They are definitely malware and should be stopped.
--
Thanks for the response. All I know is I keep getting them, and they
are definitely unwanted. Here are a couple examples (I've renamed them):
http://sites.extremehosting.ca/temp/
On 2016-03-14 11:52 PM, Al Varnell wrote:
> I don’t have any answers, but you have raised my curiosity level.
> What exactly is the threat from these javascript files you are
> finding? In checking the over four million virus signatures provided
> in the official ClamAV database, I see there are only 440 labeled as
> “.js” based and 94% of those are in the main.cvd which means they are
> old. Of the 28 in daily.cvd, 22 are labeled as PUA (potentially
> unwanted applications) which normally indicate low/no threat. I’d
> have to conclude that either there have not been sufficient js file
> samples submitted which turn out to be threats or they are somehow
> low priority to the signature writers here.
>
> Perhaps I’m just out-of-touch since I deal almost exclusively with
> Apple Mac threats, but as far as I know there are no e-mail
> javascript threats to OS X or its applications and about the worst
> we see via web browsers are fake ransomware and tech-support
> pop-ups.
>
> -Al-
>
> On Mon, Mar 14, 2016 at 08:03 PM, Scott Galambos wrote:
>>
>> I've upgraded to the latest Clamav 0.99.1 on Linux/Sendmail and it
>> still is not catching all these ZIP files with .js files inside
>> them. Is clamav supposed to stop these?
>>
>> I constantly get these messages with .ZIP attachments that I would
>> think clamav should stop. Am I expecting too much? Missing
>> something?