[clamav-users] Is there anything to do about encrypted viruses?

Al Varnell alvarnell at mac.com
Tue Dec 22 11:46:13 UTC 2020


When you submit it, be sure to include the password so that the ClamAV signature team can properly assess it and provide a hash signature for the zip file.

-Al-

> On Dec 22, 2020, at 03:32, Alessandro Vesely via clamav-users <clamav-users at lists.clamav.net> wrote:
> 
> Hi all,
> 
> 
> today I received a message with an encrypted zip attachment.  I saved the attachment and loaded it to VirusTotal, where no scanner detected anything:
> https://www.virustotal.com/gui/file/2cef2c979e60c1e2892e6a494814dd65db14c2076102279e6e74737d36c115a5/detection
> 
> Then I unzipped the file using the password given in the message text, uploaded the only extracted file and got plenty of VBA / W97M malware:
> https://www.virustotal.com/gui/file/99b352442e1351334d5e68e7f12469dc7f2790e6ae44b05be7dcd03739211f1f/detection
> 
> I spare reporting this malware to ClamAV, as it seems hopeless to me.  Am I wrong?
> 
> 
> Best
> Ale
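
The approach discussed in this thread, as an added example that is not part of the original messages: a scanner cannot read the contents of a password-protected zip, but the archive can still be recognized as encrypted (bit 0 of each member's general purpose flag) and matched as a whole by a ClamAV hash signature of the form `HashString:FileSize:MalwareName`. The member name, the signature name `Local.Zip.EncryptedSample` and the sample archive are constructed assumptions.

```python
import hashlib
import io
import struct
import zipfile

ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general purpose bit flag


def encrypted_members(data: bytes) -> list[str]:
    """Names of members whose central-directory entry has the encryption bit set."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED_FLAG]


def hash_signature(data: bytes, name: str) -> str:
    """ClamAV hash signature line (.hsb style): SHA256:FileSize:MalwareName."""
    return f"{hashlib.sha256(data).hexdigest()}:{len(data)}:{name}"


def constructed_sample() -> bytes:
    """Build a small zip in memory and set the encryption bit in its headers.

    Constructed test input: the payload is not really encrypted, only flagged.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("invoice.doc", b"constructed placeholder content")
    raw = bytearray(buf.getvalue())
    # Flag field sits 6 bytes into a local header, 8 bytes into a central one.
    for magic, offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = raw.find(magic) + offset
        flags, = struct.unpack_from("<H", raw, pos)
        struct.pack_into("<H", raw, pos, flags | ENCRYPTED_FLAG)
    return bytes(raw)


if __name__ == "__main__":
    sample = constructed_sample()
    print("encrypted members:", encrypted_members(sample))
    # Hypothetical signature name; the line can go into a local .hsb database.
    print(hash_signature(sample, "Local.Zip.EncryptedSample"))
```

A hash signature matches only that exact archive, so a re-packed or re-encrypted copy of the same document needs its own signature.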