[clamav-users] Determine if ClamAV is looking for a specific piece of ransomware (Linux)
G.W. Haywood
clamav at jubileegroup.co.uk
Mon Nov 4 23:54:20 UTC 2019
Hi there,

On Mon, 4 Nov 2019, Scott Shannon via clamav-users wrote:

> I’m attempting to determine if a specific ransomware, Friedex.d, a
> variant of Iencrypt, is being scanned for ...

It isn't clear to me if you have a ClamAV installation or not. If you
do, you can presumably get a copy of the malware and scan for it. If
you don't, and you don't want to, then you could submit a sample to a
Website like Jotti's:

https://virusscan.jotti.org/

which will scan it using a couple of dozen scanners, ClamAV included.

> ... with the current definitions.

Please define "the current definitions". :) There are many third-party
signatures. Depending on requirements at a particular site, they may or
may not be in use at that site. For example, I'm mainly interested in
filtering mail for spam. So I use a lot of third party spam signatures
but I make little effort to add to ClamAV's 'official' virus database.

> I came across an article that basically said to dump the database
> and search for the name...

But which name? There's no universal naming convention for malware.
However, in this case, maybe you're in luck:

$ grep -ia friedex /var/lib/clamav/databases/*
daily.cld:Win.Ransomware.Friedex-6961100-0;Engine:81-255,Target:1;[snip]

Of course there could be a whole family of the little varmints.

> ... I can’t find anywhere on the website to submit data for a known
> piece of ransomware ...

My first search:

https://www.bing.com/search?q=clamav+submit+virus

The first hit:

https://www.clamav.net/reports/malware

But it would be as well to check first that it isn't already covered.
--
73,
Ged.
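
Added example (not part of the message above, and not ClamAV project code): a field-aware version of the name search, listing every signature whose name contains a family string so the whole family shows up. It assumes the database has already been unpacked into a directory of plain-text signature files (for instance with `sigtool --unpack`); the function names and all sample signatures are constructed for illustration.

```shell
#!/bin/sh
# find_sig_names PATTERN DIR
# Print "file<TAB>signature-name" for each signature in an unpacked ClamAV
# database directory whose NAME field contains PATTERN (case-insensitive,
# fixed string). The name sits in a different field in each file format.
# Typical use: find_sig_names friedex /path/to/unpacked
find_sig_names() {
    pattern=$1
    dir=$2
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "$f" in
            *.ldb|*.ldu)                 sep=';' col=1 ;;  # Name;TargetBlock;Logic;Subsigs
            *.ndb|*.ndu)                 sep=':' col=1 ;;  # Name:Target:Offset:HexSig
            *.hdb|*.hsb|*.hdu|*.hsu)     sep=':' col=3 ;;  # Hash:Size:Name
            *.mdb|*.msb|*.mdu|*.msu)     sep=':' col=3 ;;  # SectionSize:SectionHash:Name
            *.db)                        sep='=' col=1 ;;  # Name=HexSig
            *) continue ;;                                 # not a signature list
        esac
        awk -F"$sep" -v col="$col" -v pat="$pattern" -v file="${f##*/}" '
            BEGIN { pat = tolower(pat) }
            index(tolower($col), pat) { print file "\t" $col }
        ' "$f"
    done
}

# Constructed sample data (not real ClamAV signatures) for an offline run.
make_sample_db() {
    printf '%s\n' \
        'Win.Ransomware.Sample-1000001-0;Engine:81-255,Target:1;0;41424344' \
        'Win.Trojan.Other-1000002-0;Engine:81-255,Target:1;0;45464748' \
        > "$1/daily.ldb"
    printf '%s\n' \
        '00000000000000000000000000000000:1024:Win.Ransomware.Sample-1000003-0' \
        > "$1/daily.hdb"
    printf '%s\n' \
        'Win.Ransomware.SAMPLE-1000004-0:1:*:4142434445' \
        > "$1/daily.ndb"
}
```

An empty result only means no name in the files searched contains that string; third-party databases and other vendors' names for the same malware are not covered by it.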