[clamav-users] Reporting malware/false negatives
Joel Esler (jesler)
jesler at cisco.com
Wed Mar 22 13:50:01 UTC 2017
I just added Doc.Dropper.Agent-6136130-0 to the scan system, it should be published today.
--
Joel Esler | Talos: Manager | jesler at cisco.com
On Mar 22, 2017, at 9:43 AM, Alex <mysqlstudent at gmail.com> wrote:
Hi,
How long does it typically take for a sample to be analyzed and a
pattern to be created?
Generally speaking, a couple hours (sometimes 4, sometimes 8, depending on automation schedules). Because it was encrypted, it may be a bit more difficult, so I'll have to look into it. What is the sha256 hash of the file?
# sha256sum r564t97y168d2.docx
a68e789e8306e697874d155191376124e13e44f144b11a678a37e44036a3668d  r564t97y168d2.docx
I also included the password to decrypt it, "Vo1UPMQBgITg" as was
included with the email when it was received.
I don't even bother reporting them to Sophos, et al. because it's
sometimes days before they're added. I was expecting better from
clamav...
Interesting, considering Sophos is not a free product.
Yes, sometimes (most times?) it's days.
alex
_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml