[clamav-users] Grizzly Steppe

Reindl Harald h.reindl at thelounge.net
Wed Jan 4 23:23:11 UTC 2017



On 04.01.2017 at 23:12, Al Varnell wrote:
> Can somebody with access to those samples run them against a virgin ClamAV signature database to answer the question?  I'd be happy to if there are samples I can access.

Official, virgin signatures don't and probably will never recognize 
recent malware, and following this list you should know this already.

> On Wed, Jan 04, 2017 at 07:33 AM, TR Shaw wrote:
>>
>> I added detection in winnow_extended_malware.hdb which is distributed in the sanesecurity feed the day after the JAR was released.  I also searched for the RAT and added signatures for that as well in winnow_malware_links.ndb
>>
>> Signatures are identified as winnow.Trojan.GRIZZLY_STEPPE.<identifier>
>>
>> Tom
>>
>>
>>> On Jan 4, 2017, at 10:26 AM, Andrew McGrath <andrew at checkout51.com> wrote:
>>>
>>> I'm being asked a question by our security team that I am struggling
>>> to answer. The question is "Does ClamAV detect Grizzly Steppe?".
>>>
>>> I've hunted around the archives, support pages and Google, but do not
>>> see any discussion about this, could anyone comment?


