[clamav-users] Grizzly Steppe
Al Varnell
alvarnell at mac.com
Wed Jan 4 22:23:31 UTC 2017
Tom,
It's not that I don't want to use your sigs, but in order to assist ClamXav users I need my setup to match theirs and it currently only uses ClamXav macOS/OS X specific unofficial. There is talk of adding others in the future, but not now.
-Al-
On Wed, Jan 04, 2017 at 02:17 PM, TR Shaw wrote:
>
> Doesn’t detect the RAT
>
> Al, if you don’t want to run my unofficial sigs I would be happy to provide them to Joel for incorporation into official db.
>
>
>
>> On Jan 4, 2017, at 5:12 PM, Al Varnell <alvarnell at mac.com> wrote:
>>
>> Can somebody with access to those samples run them against a virgin ClamAV signature database to answer the question? I'd be happy to if there are samples I can access.
>>
>> -Al-
>>
>> On Wed, Jan 04, 2017 at 07:33 AM, TR Shaw wrote:
>>>
>>> I added detection in winnow_extended_malware.hdb which is distributed in the sanesecurity feed the day after the JAR was released. I also searched for the RAT and added signatures for that as well in winnow_malware_links.ndb
>>>
>>> Signatures are identified as winnow.Trojan.GRIZZLY_STEPPE.<identifier>
>>>
>>> Tom
>>>
>>>
>>>> On Jan 4, 2017, at 10:26 AM, Andrew McGrath <andrew at checkout51.com> wrote:
>>>>
>>>> I'm being asked a question by our security team that I am struggling
>>>> to answer. The question is "Does ClamAV detect Grizzly Steppe?".
>>>>
>>>> I've hunted around the archives, support pages and google, but do not
>>>> see any discussion about this, could anyone comment?
>>>>
>>>> Thank you!
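
An added example, not part of the original thread: one way to check which plain-text unofficial databases in a ClamAV database directory carry signatures whose names match the `winnow.Trojan.GRIZZLY_STEPPE.<identifier>` naming mentioned above. The two file names come from the thread; the hashes, sizes, hex patterns, `SAMPLE_*` identifiers and `other_unofficial.ndb` are constructed, and `find_signatures` and `demo` are hypothetical helper names.

```python
import re
import tempfile
from pathlib import Path

# Index of the signature-name field in each colon-separated text format:
#   .hdb / .hsb  hash:filesize:name
#   .ndb         name:target:offset:hexsignature[:minFL[:maxFL]]
NAME_FIELD = {".hdb": 2, ".hsb": 2, ".ndb": 0}


def find_signatures(db_dir, pattern):
    """Return {database filename: [matching signature names]} for db_dir."""
    rx = re.compile(pattern)
    hits = {}
    for path in sorted(Path(db_dir).iterdir()):
        idx = NAME_FIELD.get(path.suffix)
        if idx is None:
            continue  # .cvd/.cld containers are not plain text; not handled here
        for line in path.read_text(errors="replace").splitlines():
            fields = line.strip().split(":")
            if line.startswith("#") or len(fields) <= idx:
                continue  # comment or malformed line
            if rx.search(fields[idx]):
                hits.setdefault(path.name, []).append(fields[idx])
    return hits


def demo():
    # Constructed sample databases; every value below is made up for illustration.
    with tempfile.TemporaryDirectory() as d:
        Path(d, "winnow_extended_malware.hdb").write_text(
            "00112233445566778899aabbccddeeff:1024:winnow.Trojan.GRIZZLY_STEPPE.SAMPLE_A\n"
            "ffeeddccbbaa99887766554433221100:2048:winnow.Trojan.Other.SAMPLE_B\n")
        Path(d, "winnow_malware_links.ndb").write_text(
            "winnow.Trojan.GRIZZLY_STEPPE.SAMPLE_C:0:*:6578616d706c652e696e76616c6964\n")
        Path(d, "other_unofficial.ndb").write_text(
            "Example.Unrelated.SAMPLE_D:0:*:6578616d706c65\n")
        return find_signatures(d, r"GRIZZLY_STEPPE")


if __name__ == "__main__":
    for db, names in demo().items():
        print(db, names)
```

A name match only shows that a signature is installed, not that a given sample is detected; for the official `.cvd`/`.cld` databases, `sigtool --find-sigs=REGEX` performs the equivalent name search.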