[clamav-users] Virus Malvare not detected

Al Varnell alvarnell at mac.com
Tue Nov 14 12:51:32 UTC 2017


You mentioned two attachments. Kaspersky and ClamXAV appear to catch the first one, but neither catches the second one you showed us. The SHA256 for a file is the same no matter what scanner is used.

-Al-

On Tue, Nov 14, 2017 at 04:36 AM, Emanuel wrote:
> the first scan is with kaspersky online
> 
> 
> On 14/11/17 at 09:31, Al Varnell wrote:
>> That's not the same file you showed before. The SHA256 is different.
>> 
>> -Al-
>> 
>> On Tue, Nov 14, 2017 at 04:23 AM, Emanuel wrote:
>>> Please see
>>> 
>>> https://www.virustotal.com/es-ar/file/323cb1d2f3b9d0678a8e017fedad1da2768c0eb65111937d03c19e0c053b5da4/analysis/1510662252/
>>> 
>>> 
>>> On 14/11/17 at 09:00, Al Varnell wrote:
>>>> According to VirusTotal, ClamAV does detect it as Doc.Dropper.Agent-6369707-0
>>>> <https://www.virustotal.com/en/file/142a177f214671f7abd22f9e545595bf56a8116763bb7e9de7368aa1b2d381bf/analysis/>
>>>> 
>>>> but go ahead and try to submit it anyway.
>>>> 
>>>> -Al-
>>>> 
>>>> On Tue, Nov 14, 2017 at 03:33 AM, Emanuel wrote:
>>>>> Hello,
>>>>> 
>>>>> I received two doc files in an email with the Subject "Invoice". The attachment is a malware virus; clamav did not detect this.
>>>>> 
>>>>> Scan with kaspersky
>>>>> 
>>>>> 
>>>>> Scan result: File is infected
>>>>> Detected threats: Trojan-Downloader.MSWord.Agent.bqx
>>>>> File size: 144.95 KB
>>>>> File type: OOXML/DOCUMENT
>>>>> Scan date: Nov 14 2017 08:15:42
>>>>> Databases release date: Nov 14 2017 10:36:04 UTC
>>>>> MD5: 70bdc39f8f57e090bebc4616924cdadc
>>>>> SHA1: ecf414f8523627a0d5d6637041f6e1e3bbcee62e
>>>>> SHA256: 142a177f214671f7abd22f9e545595bf56a8116763bb7e9de7368aa1b2d381bf
>>>>> 
>>>>> Is it possible to manually add this virus to the clamav database?
>> 
>> 
>> 

-Al-
-- 
Al Varnell
Mountain View, CA
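
Added example, not part of the original thread: a small Python script that reads the SHA-256 out of the two VirusTotal report URLs quoted above, checks whether they describe the same sample, and maps each report to a local attachment by hashing the files. The function names and the stand-in files written in the demo are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Report URLs of the form quoted in this thread carry the sample's SHA-256
# as the path segment after /file/ (optionally preceded by a locale).
VT_FILE_RE = re.compile(r"virustotal\.com/(?:[a-z-]+/)?file/([0-9a-fA-F]{64})(?:/|$)")

# The two report URLs quoted in the thread.
THREAD_REPORTS = [
    "https://www.virustotal.com/en/file/"
    "142a177f214671f7abd22f9e545595bf56a8116763bb7e9de7368aa1b2d381bf/analysis/",
    "https://www.virustotal.com/es-ar/file/"
    "323cb1d2f3b9d0678a8e017fedad1da2768c0eb65111937d03c19e0c053b5da4/analysis/1510662252/",
]

def sha256_of_file(path, chunk_size=65536):
    """Hash in chunks so a large attachment is never held in memory whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def report_hash(url):
    """Return the lowercase SHA-256 embedded in a report URL, or None."""
    m = VT_FILE_RE.search(url)
    return m.group(1).lower() if m else None

def same_sample(url_a, url_b):
    """True only when both URLs name a hash and the hashes are equal."""
    ha, hb = report_hash(url_a), report_hash(url_b)
    return ha is not None and ha == hb

def match_reports(paths, urls):
    """Map each report URL to the local file it describes, or None."""
    by_hash = {sha256_of_file(p): str(p) for p in paths}
    return {u: by_hash.get(report_hash(u)) for u in urls}

if __name__ == "__main__":
    print("same sample:", same_sample(*THREAD_REPORTS))
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed stand-ins for the two attachments (not the real files).
        files = [Path(tmp, "invoice1.doc"), Path(tmp, "invoice2.doc")]
        for i, f in enumerate(files):
            f.write_bytes(b"constructed sample %d" % i)
        for url, path in match_reports(files, THREAD_REPORTS).items():
            print(report_hash(url)[:12], "->", path or "no local file matches")
```

Run against the real attachments, match_reports shows which file each report belongs to before detection results from different scanners are compared.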




