[clamav-users] Question about sending sample process

Al Varnell alvarnell at mac.com
Tue Nov 6 10:03:57 UTC 2018


Luca

It's possible that some of the failure to detect is due to your using an outdated version of ClamAV. Some signatures only work with more recent versions. You should probably focus on upgrading before submitting any undetected samples.

-Al-
ClamXAV User

On Tue, Nov 06, 2018 at 01:46 AM, Luca Moscato wrote:
> Hi everyone, one of our customers notified us that the AV we use (clamav of course) does not detect some of the malware downloadable from das malwerk used for testing.
> 
> Pretty strange situation, so we decided to download all the malware from that site and send it as a sample using the command line interface
> 
> [luca at amazon-ami:~]$ clamsubmit -n /home/luca/malware/d77aca7d-f9f1-11e7-b482-80e65024849a.file -N luca -e luca at funambol.com
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <html><head>
> <title>302 Found</title>
> </head><body>
> <h1>Found</h1>
> <p>The document has moved <a href="http://www.clamav.net/sendmalware.cgi">here</a>.</p>
> </body></html>
> [luca at amazon-ami:~]$
> 
> Question 1 - Is this process correct to send samples?
> 
> Question 2 - How much time is required to validate a sample and get the A/V db updated? Days? Months?
> 
> Some notes:
> 
> - I'm using Amazon Linux and the clamav version available in the amz linux repo; the db should be updated with freshclam
> 
> [luca at amazon-ami:~]$ sudo freshclam
> ClamAV update process started at Tue Nov  6 09:36:41 2018
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.99.4 Recommended version: 0.100.2
> DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
> daily.cld is up to date (version: 25095, sigs: 2143057, f-level: 63, builder: neo)
> bytecode.cld is up to date (version: 327, sigs: 91, f-level: 63, builder: neo)
> 
> - I have all the links and a script (see attachment) to quickly download all the stuff from das_malwerk
> 
> - Actually a scan of all the stuff retrieved from that website has these results, while I expect to have 100%
> 
> ----------- SCAN SUMMARY -----------
> Known viruses: 6702413
> Engine version: 0.99.4
> Scanned directories: 1
> Scanned files: 1488
> Infected files: 964
> Data scanned: 1125.26 MB
> Data read: 1195.11 MB (ratio 0.94:1)
> Time: 361.283 sec (6 m 1 s)
> 
> 
> Thanks and have a nice day
> 
> Luca
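
An added example, not part of the thread and not ClamAV code: a pre-submission check that reads the freshclam warning and the clamscan summary quoted above and decides whether undetected files should wait for an engine upgrade. The function names are hypothetical and the sample strings are constructed from the output in the post; versions are compared component by component, since reading 0.99.4 and 0.100.2 as decimals would rank them the wrong way round.

```python
import re

# Constructed sample input, copied from the output quoted in the post above.
FRESHCLAM_OUTPUT = """\
ClamAV update process started at Tue Nov  6 09:36:41 2018
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.99.4 Recommended version: 0.100.2
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
"""
SCAN_SUMMARY = """\
----------- SCAN SUMMARY -----------
Known viruses: 6702413
Engine version: 0.99.4
Scanned files: 1488
Infected files: 964
"""

_VERSION_LINE = re.compile(
    r"Local version: (\d+(?:\.\d+)*) Recommended version: (\d+(?:\.\d+)*)")

def version_key(text):
    """Turn '0.100.2' into (0, 100, 2) so components compare numerically."""
    return tuple(int(part) for part in text.split("."))

def engine_status(freshclam_output):
    """Return (local, recommended, outdated) from freshclam's warning line."""
    match = _VERSION_LINE.search(freshclam_output)
    if match is None:
        return None, None, False  # freshclam printed no version warning
    local, recommended = match.groups()
    return local, recommended, version_key(local) < version_key(recommended)

def scan_counts(summary):
    """Return (scanned, infected, undetected) from a clamscan SCAN SUMMARY."""
    fields = dict(re.findall(r"^(Scanned files|Infected files): (\d+)$", summary, re.M))
    scanned, infected = int(fields["Scanned files"]), int(fields["Infected files"])
    return scanned, infected, scanned - infected

def preflight(freshclam_output, summary):
    """Say whether undetected files are worth submitting yet."""
    local, recommended, outdated = engine_status(freshclam_output)
    scanned, _, undetected = scan_counts(summary)
    if outdated:
        return (f"upgrade {local} -> {recommended} and rescan the "
                f"{undetected} undetected files before submitting")
    return f"engine current; {undetected} of {scanned} files undetected"

if __name__ == "__main__":
    print(preflight(FRESHCLAM_OUTPUT, SCAN_SUMMARY))
```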