[clamav-users] Virus Signature Submitted on 17/10/2016

Al Varnell alvarnell at mac.com
Mon Nov 7 19:10:53 UTC 2016


So it seems to me if only one scanner detects this “test” file then it’s far from being the universal industry standard test file that EICAR is.  Maybe I’m missing something, but your penetration testers would appear to be a fraud or shill for AVG or both?  I’m not sure why the Cisco/ClamAV folks would be interested in it without a more persuasive argument.

-Al-

On Mon, Nov 07, 2016 at 08:26 AM, Richard McCombie wrote:
> 
> Thanks Al.
> 
> virustotal.com doesn't show any problems with the file, but a site called
> Gary's Hood does:
> 
> https://www.virustotal.com/en/file/14b2420f7490e612b9f0c65af180268b2ad41c3ec209b42f4d085aacb8ef973f/analysis/1478535605/
> 
> http://www.garyshood.com/virus/results.php?r=13710b10bf25b727cbf32c29d9ba3a56
> 
> 
> The penetration testers use the file (MD5 #:
> 13710b10bf25b727cbf32c29d9ba3a56) as part of their AV testing.
> 
> 
> R
> 
> On 7 November 2016 at 16:12, Al Varnell <alvarnell at mac.com> wrote:
> 
>> Try uploading it to <https://www.virustotal.com/> and give us the link to
>> the analysis page.  I don’t find that anything with that MD5 has been
>> uploaded.
>> 
>> -Al-
>> 
>> On Mon, Nov 07, 2016 at 07:25 AM, Richard McCombie wrote:
>>> 
>>> I uploaded a small ASCII-format file, which, like the EICAR test file, is
>>> supposed to trigger a warning from AV software. I'd be happy to email this
>>> to the appropriate address, but I won't do that until someone can confirm
>>> which address I can use without breaking any rules.
>>> 
>>> Thank you for your help.
>>> 
>>> On 7 November 2016 at 15:21, Al Varnell wrote:
>>> 
>>>> I’m a bit confused by this. Did you send a virus signature or did you
>>>> upload malware? Those are not at all the same thing.
>>>> 
>>>> -Al-
>>>> 
>>>> On Mon, Nov 07, 2016 at 06:05 AM, Richard McCombie wrote:
>>>>> 
>>>>> Thanks Joel.
>>>>> 
>>>>> I have subscribed to community-sigs; the welcome message informs me that
>>>>> virus samples are not to be sent to the list:
>>>>> 
>>>>> Welcome to the Community-sigs at lists.clamav.net mailing list! DO NOT
>>>>> SEND VIRUS SAMPLES HERE!!! Send them through our web interface at
>>>>> http://www.clamav.net/sendvirus
>>>>> 
>>>>> On 7 November 2016 at 14:01, Joel Esler (jesler) wrote:
>>>>> 
>>>>>> The processing that comes in through the website is largely automated.
>>>>>> Submitting signatures should be done through the community-sigs list,
>>>>>> until we make a submission method through the website.
>>>>>> 
>>>>>> Sent from my iPad
>>>>>> 
>>>>>> On Nov 7, 2016, at 6:45 AM, Richard McCombie wrote:
>>>>>>> 
>>>>>>> Good morning,
>>>>>>> 
>>>>>>> I submitted a virus signature (at http://www.clamav.net/reports/malware)
>>>>>>> on 17th October. I used the name Richard McCombie for this.
>>>>>>> 
>>>>>>> It would be great if you could incorporate this virus sample into your
>>>>>>> database of virus signatures. I am working on helping a client pass their
>>>>>>> penetration test; they are currently failing the test, because this virus
>>>>>>> sample, which is detected as a virus by other scanners, passes the ClamAV
>>>>>>> scan undetected.
>>>>>>> 
>>>>>>> The MD5 hash of the file I submitted is: 13710b10bf25b727cbf32c29d9ba3a56
>>>>>>> 
>>>>>>> If you want me to resubmit this file, that is no problem.
>>>>>>> 
>>>>>>> Many thanks, in advance,
>>>>>>> 
>>>>>>> 
>>>>>>> Richard
>> 

-Al-
-- 
Al Varnell
Mountain View, CA
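
The thread turns on the difference between a sample (the file itself) and a signature (a database entry derived from it). The following is an added illustration, not part of the original messages and not ClamAV project code: it builds and matches ClamAV hash-signature lines in the .hdb format (MD5:FileSize:MalwareName). The signature names and the sample bytes are constructed placeholders.

```python
import hashlib

def hdb_line(data: bytes, name: str) -> str:
    """Build a ClamAV .hdb entry (MD5:FileSize:MalwareName) from a file's bytes."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"

def parse_hdb(text: str):
    """Parse .hdb lines into (md5, size-or-None, name); '*' means size unknown."""
    sigs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = line.split(":")
        if len(fields) < 3 or len(fields[0]) != 32:
            raise ValueError(f"not an MD5 hash signature: {line!r}")
        size = None if fields[1] == "*" else int(fields[1])
        sigs.append((fields[0].lower(), size, fields[2]))
    return sigs

def match(data: bytes, sigs):
    """Return the name of the signature matching the whole file, or None.
    A hash signature only ever matches one exact file: any change defeats it."""
    digest = hashlib.md5(data).hexdigest()
    for md5, size, name in sigs:
        if md5 == digest and (size is None or size == len(data)):
            return name
    return None

# Constructed stand-in for a harmless ASCII test file (not the file from the thread).
SAMPLE = b"CONSTRUCTED-AV-TEST-FILE-DO-NOT-USE-IN-PRODUCTION\n"

# Hypothetical signature names. The second entry uses the MD5 quoted in the thread
# with '*' because the thread never states the file size; the trailing 73 is the
# minimum functionality level ClamAV requires for unknown-size hash signatures.
DATABASE = "\n".join([
    hdb_line(SAMPLE, "Local.Constructed.TestFile"),
    "13710b10bf25b727cbf32c29d9ba3a56:*:Local.Pentest.TestFile:73",
])

if __name__ == "__main__":
    sigs = parse_hdb(DATABASE)
    print(DATABASE)
    print("sample       ->", match(SAMPLE, sigs))
    print("one byte off ->", match(SAMPLE + b"x", sigs))
```

With ClamAV installed, `sigtool --md5 FILE` emits a line in the same format, and a local .hdb file can be loaded with `clamscan -d`.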




