[clamav-users] Grizzly Steppe

Al Varnell alvarnell at mac.com
Wed Jan 4 22:12:08 UTC 2017


Can somebody with access to those samples run them against a virgin ClamAV signature database to answer the question?  I'd be happy to if there are samples I can access.

-Al-

On Wed, Jan 04, 2017 at 07:33 AM, TR Shaw wrote:
> 
> I added detection in winnow_extended_malware.hdb, which is distributed in the sanesecurity feed, the day after the JAR was released.  I also searched for the RAT and added signatures for that as well in winnow_malware_links.ndb
> 
> Signatures are identified as winnow.Trojan.GRIZZLY_STEPPE.<identifier>
> 
> Tom
> 
> 
>> On Jan 4, 2017, at 10:26 AM, Andrew McGrath <andrew at checkout51.com> wrote:
>> 
>> I'm being asked a question by our security team that I am struggling
>> to answer. The question is "Does ClamAV detect Grizzly Steppe?".
>> 
>> I've hunted around the archives, support pages and Google, but do not
>> see any discussion about this, could anyone comment?
>> 
>> Thank you!