[clamav-users] Best place for Signature information

G.W. Haywood clamav at jubileegroup.co.uk
Mon Oct 14 13:03:31 EDT 2019


Hi there,

On Mon, 14 Oct 2019, Paul via clamav-users wrote:

> I am wanting to get as much info as possible on 
> Doc.Downloader.Emotet-7196349-0 which from my local searches first appeared 
> in daily.cvd on Oct 1. Searches for Doc.Downloader.Emotet-7196349-0 in the 
> clamamv-virusdb mailing produce nothing.
>
> is there somewhere else I should/can be looking

The naming of malware is always a bit of an issue.  Don't expect that
a name used by ClamAV will be recognized by the providers of any other
AV products; it might be and it might not.  Basically whoever finds it
first picks the name.  Sometimes several finders name the same thing
all at once with completely different names so it can get confusing.

Sounds like you've been bitten by this one.  If you have a sample of
the malware you can send it for example to Jotti's site.  You might
find several different names for it and the providers (a couple of
dozen I think) might have more information for you on their Websites.

https://virusscan.jotti.org/

-- 

73,
Ged.


More information about the clamav-users mailing list