[clamav-users] Question about Urlhaus.Malware.452652-9766253-0
Kris Deugau
kdeugau at vianet.ca
Wed Dec 23 20:17:51 UTC 2020
Orion Poplawski wrote:
> Can anyone give me some details about the Urlhaus.Malware.452652-9766253-0
> signature? We're seeing following URLs trigger it:
>
> https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt
> https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt
> https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt
> https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt
> https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt
>
> Which seems to be the online update URLs for the urlhaus filter. Does ClamAV
> deem urlhaus a bad actor?
No, but that signature matches a line in that file. Which should be
expected since the Clam signature is presumably derived from the
original source for that file.
-kgd
More information about the clamav-users
mailing list