[clamav-users] Malware/ransomware and Yara signatures with clamav
Alain Zidouemba
azidouemba at sourcefire.com
Sat May 13 17:32:20 UTC 2017
For "WannaCry", look for ClamAV signatures:
Win.Ransomware.WannaCry-*
Alain
On Sat, May 13, 2017 at 1:24 PM, Alain Zidouemba <azidouemba at sourcefire.com>
wrote:
> Yara rules have been supported by ClamAV since 2015:
> http://blog.clamav.net/2015/06/clamav-099b-meets-yara.html
>
> - Alain
>
> On Sat, May 13, 2017 at 1:16 PM, Alex <mysqlstudent at gmail.com> wrote:
>
>> Hi,
>>
>> So you've probably heard of the latest ransomware dubbed WannaCry. I'm
>> wondering if anyone has figured out a way to integrate the yara
>> signatures for these types of exploits with spamassassin?
>>
>> https://www.us-cert.gov/ncas/alerts/TA17-132A
>>
>> What is the status of development of integration of yara rules into
>> clamav?
>>
>> I submitted two more password encrypted word macro viruses as
>> false-positives to the clamav team several days ago, and they still
>> aren't being marked properly. I need another way to more quickly
>> identify vulnerabilities and exploits.
>>
>> Thanks,
>> Alex
>> _______________________________________________
>> clamav-users mailing list
>> clamav-users at lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
>
>
More information about the clamav-users
mailing list