[clamav-users] Question about Urlhaus.Malware.452652-9766253-0
Orion Poplawski
orion at nwra.com
Wed Dec 23 18:10:48 UTC 2020
Can anyone give me some details about the Urlhaus.Malware.452652-9766253-0
signature? We're seeing following URLs trigger it:
https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt
https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt
https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt
https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt
https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt
Which seems to be the online update URLs for the urlhaus filter. Does ClamAV
deem urlhaus a bad actor?
Thanks,
Orion
--
Orion Poplawski
Manager of NWRA Technical Systems 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion at nwra.com
Boulder, CO 80301 https://www.nwra.com/
More information about the clamav-users
mailing list