[clamav-users] Signature not detected
Steve Basford
steveb_clamav at sanesecurity.com
Tue Jul 18 06:42:58 UTC 2017
On Mon, July 17, 2017 10:22 pm, Alex wrote:
> Hi guys, just submitted an "ace" archive with a .cmd inside.
>
>
> # sha1sum PROFORMA\ INVOICE_xls.ace
> 97757622d5d568b01faa9d662818eebd40b1e0c0 PROFORMA INVOICE_xls.ace
>
Hi,
I've added Sanesecurity.Malware.27099.AceHeur.Cmd to the detections...
> We've now disabled "ace" files (who even knew they existed?)
I used to use .ace a loooog time ago... but for those that don't know...
" ACE is a proprietary data compression archive file format developed by
Marcel Lemke, and later bought by e-merge GmbH. The peak of its popularity
was 1999–2001, when it provided slightly better compression rates than
RAR, which has since become more popular."
Source: https://en.wikipedia.org/wiki/ACE_(compression_file_format)
Also, a few .ace files that have come through... aren't really ace files
but renamed rar files... in this case though it's an ace file.
--
Cheers,
Steve
Twitter: @sanesecurity
More information about the clamav-users
mailing list