[clamav-users] Virus Malware not detected

Emanuel emanuel.gonzalez at donweb.com
Tue Nov 14 12:52:54 UTC 2017


Scan the attachment; ClamAV does not detect this file.


On 14/11/17 at 09:51, Al Varnell wrote:
> You mentioned two attachments. Kaspersky and ClamXAV appear to catch the first one, but neither catches the second one you showed us. The SHA256 for a file is the same no matter what scanner is used.
>
> -Al-
>
> On Tue, Nov 14, 2017 at 04:36 AM, Emanuel wrote:
>> the first scan is with kaspersky online
>>
>>
>> On 14/11/17 at 09:31, Al Varnell wrote:
>>> That's not the same file you showed before. The SHA256 is different.
>>>
>>> -Al-
>>>
>>> On Tue, Nov 14, 2017 at 04:23 AM, Emanuel wrote:
>>>> Please see
>>>>
>>>> https://www.virustotal.com/es-ar/file/323cb1d2f3b9d0678a8e017fedad1da2768c0eb65111937d03c19e0c053b5da4/analysis/1510662252/
>>>>
>>>>
>>>> On 14/11/17 at 09:00, Al Varnell wrote:
>>>>> According to VirusTotal, ClamAV does detect it as Doc.Dropper.Agent-6369707-0
>>>>> <https://www.virustotal.com/en/file/142a177f214671f7abd22f9e545595bf56a8116763bb7e9de7368aa1b2d381bf/analysis/>
>>>>>
>>>>> but go ahead and try to submit it anyway.
>>>>>
>>>>> -Al-
>>>>>
>>>>> On Tue, Nov 14, 2017 at 03:33 AM, Emanuel wrote:
>>>>>> Hello,
>>>>>>
>>>>>> I received two doc files in an email with the Subject "Invoice". The attachment is a malware virus; ClamAV did not detect this.
>>>>>>
>>>>>> Scan with kaspersky
>>>>>>
>>>>>>
>>>>>> Scan result: File is infected
>>>>>> Detected threats: Trojan-Downloader.MSWord.Agent.bqx
>>>>>> File size: 144.95 KB
>>>>>> File type: OOXML/DOCUMENT
>>>>>> Scan date: Nov 14 2017 08:15:42
>>>>>> Databases release date: Nov 14 2017 10:36:04 UTC
>>>>>> MD5: 70bdc39f8f57e090bebc4616924cdadc
>>>>>> SHA1: ecf414f8523627a0d5d6637041f6e1e3bbcee62e
>>>>>> SHA256: 142a177f214671f7abd22f9e545595bf56a8116763bb7e9de7368aa1b2d381bf
>>>>>>
>>>>>> Is it possible to manually add this virus to the ClamAV database?
>>>
>>>
>>> _______________________________________________
>>> clamav-users mailing list
>>> clamav-users at lists.clamav.net
>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml

-- 
Emanuel Gonzalez
Deliverability Specialist
emanuel.gonzalez at donweb.com
www.envialosimple.com
by donweb
