[clamav-users] Perplexing response to malware submission.

G.W. Haywood clamav at jubileegroup.co.uk
Thu Aug 5 07:12:03 UTC 2021


Hi there,

We have just received this response to one of our automated submissions:

8<----------------------------------------------------------------------
On Thu, 5 Aug 2021, noreply at clamav.com wrote:

> G.W. Haywood,
> 
> Thank you again for your submission.
> 
> Your File: da741cdec6a0db5f40b79cbfbe300761450d216159ea83533d754d7de43cf6a3
> (SHA256: fc1e483dbb60d49205e3d238b3d090e6cc7a49b775bf4e519aba7117ab3a5b43)
> 
> Our initial assessment shows that this file is possibly clean. If
> you provided a description that suggests otherwise, we will further
> examine the sample & proceed from there.
> 
> -The ClamAV team
8<----------------------------------------------------------------------

Here's the result of our check against fifteen scanners, available via
Jotti's extremely useful service, and which is run before each of the
submissions made by our system:

8<----------------------------------------------------------------------
clamav.net		Found nothing
f-prot.com		Found nothing
k7computing.com		Found nothing
trendmicro.com		Found nothing
fortinet.com		MSIL/Kryptik.DZG!tr
eset.com		MSIL/Spy.Agent.AES
sophos.com		Mal/RarMal-C
anti-virus.by		Malware-Cryptor.MSIL.AgentTesla.Heur
bitdefender.com		Trojan.GenericKD.46737949
escanav.com		Trojan.GenericKD.46737949
gdatasoftware.com	Trojan.GenericKD.46737949
ikarus.at		Trojan.Inject
drweb.com		Trojan.PackedNET.964
f-secure.com		Trojan:W32/MaliciousAttachment.F
avast.com		Win32:PWSX-gen
8<----------------------------------------------------------------------

This is one of the clearer threat reports, and I'm surprised by the
initial assessment from the ClamAV team.  The report was sent using
the 'clamsubmit' utility, which does not offer an option to provide
a description of the malware.

What should I do now?

-- 

73,
Ged.

