[clamav-users] Perplexing response to malware submission.

vze1amckv at verizon.net
Thu Aug 5 13:43:59 UTC 2021


In June I manually submitted a suspicious JavaScript file and got "Our 
initial assessment has verified the sample as a threat & we will be 
publishing signatures for ClamAV."  But even a month after I submitted, 
Jotti still reported that ClamAV didn't detect the file.

So I tried re-submitting it again via the web form but subsequent 
submissions of the same file got no response. As of today, Jotti still 
says that ClamAV doesn't detect it.

The SHA1 hash of the suspicious file in question is 
d2058d5fdd9c4551f7c888d6673a6dbc780b095d.  Thank you.

On 8/5/21 3:12 AM, G.W. Haywood via clamav-users wrote:
> Hi there,
> 
> We have just received this response to one of our automated submissions:
> 
> 8<----------------------------------------------------------------------
> On Thu, 5 Aug 2021, noreply at clamav.com wrote:
> 
>> G.W. Haywood,
>>
>> Thank you again for your submission.
>>
>> Your File: 
>> da741cdec6a0db5f40b79cbfbe300761450d216159ea83533d754d7de43cf6a3
>> (SHA256: 
>> fc1e483dbb60d49205e3d238b3d090e6cc7a49b775bf4e519aba7117ab3a5b43)
>>
>> Our initial assessment shows that this file is possibly clean. If
>> you provided a description that suggests otherwise, we will further
>> examine the sample & proceed from there.
>>
>> -The ClamAV team
> 8<----------------------------------------------------------------------
> 
> Here's the result of our check against fifteen scanners, available via
> Jotti's extremely useful service, and which is run before each of the
> submissions made by our system:
> 
> 8<----------------------------------------------------------------------
> clamav.net          Found nothing
> f-prot.com          Found nothing
> k7computing.com     Found nothing
> trendmicro.com      Found nothing
> fortinet.com        MSIL/Kryptik.DZG!tr
> eset.com            MSIL/Spy.Agent.AES
> sophos.com          Mal/RarMal-C
> anti-virus.by       Malware-Cryptor.MSIL.AgentTesla.Heur
> bitdefender.com     Trojan.GenericKD.46737949
> escanav.com         Trojan.GenericKD.46737949
> gdatasoftware.com   Trojan.GenericKD.46737949
> ikarus.at           Trojan.Inject
> drweb.com           Trojan.PackedNET.964
> f-secure.com        Trojan:W32/MaliciousAttachment.F
> avast.com           Win32:PWSX-gen
> 8<----------------------------------------------------------------------
> 
> This is one of the clearer threat reports, and I'm surprised by the
> initial assessment from the ClamAV team.  The report was sent using
> the 'clamsubmit' utility, which does not offer an option to provide
> a description of the malware.
> 
> What should I do now?
> 
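Both posts rely on a third-party multi-scanner to learn whether ClamAV detects a submitted sample. The following is an added example (not code from either poster or from the ClamAV project) of the local checks a submitter can run instead: confirm that the file on disk still has the SHA1/SHA256 that was submitted, parse a Jotti-style engine report like the one quoted above to see which engines flag it, and parse the verdict lines that `clamscan` prints after a `freshclam` update. The `SAMPLE_BYTES` and the report text are constructed test data, not the real sample; the `clamscan --no-summary` invocation and the `<path>: <signature> FOUND` / `<path>: OK` line format are assumed from standard clamscan behaviour.

```python
"""Local checks before re-submitting a sample to ClamAV.

Added example, not from the mailing-list post or the ClamAV project.
Assumes clamscan prints one '<path>: <Signature> FOUND' or '<path>: OK'
line per file, followed by a '----------- SCAN SUMMARY' block.
"""
import hashlib
import shutil
import subprocess
from pathlib import Path

# Constructed stand-in for the submitted file; its hashes are computed
# from these bytes and are NOT the hashes quoted in the thread.
SAMPLE_BYTES = b"var a = 'constructed harmless sample';\n"


def sample_hashes(data: bytes) -> dict:
    """SHA1 and SHA256 hex digests, the identifiers ClamAV replies quote."""
    return {
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_submitted(data: bytes, submitted_hash: str) -> bool:
    """True if the local bytes are the file that was submitted (SHA1 or SHA256)."""
    hashes = sample_hashes(data)
    return submitted_hash.strip().lower() in (hashes["sha1"], hashes["sha256"])


def parse_scanner_report(text: str) -> dict:
    """Map engine -> signature name (None for 'Found nothing') from a
    Jotti-style report where each line is '<engine> <verdict>'."""
    verdicts = {}
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 2:
            continue
        engine, verdict = tokens[0], " ".join(tokens[1:])
        verdicts[engine] = None if verdict == "Found nothing" else verdict
    return verdicts


def detecting_engines(text: str) -> list:
    """Engines that flagged the sample, in report order."""
    return [e for e, v in parse_scanner_report(text).items() if v is not None]


def parse_clamscan_output(text: str) -> dict:
    """Map scanned path -> signature name, or None when clamscan says OK.

    Stops at the summary block so 'Known viruses: N' style lines are ignored.
    """
    verdicts = {}
    for line in text.splitlines():
        if line.startswith("-----"):
            break
        if ": " not in line:
            continue
        path, verdict = line.rsplit(": ", 1)
        if verdict.endswith(" FOUND"):
            verdicts[path] = verdict[: -len(" FOUND")]
        elif verdict == "OK":
            verdicts[path] = None
    return verdicts


def clamscan_verdict(path: Path):
    """Run the locally installed clamscan on one file and return its verdict.

    Returns the signature name, None if clean, or raises if clamscan is absent.
    """
    clamscan = shutil.which("clamscan")
    if clamscan is None:
        raise RuntimeError("clamscan not found on PATH")
    proc = subprocess.run(
        [clamscan, "--no-summary", str(path)], capture_output=True, text=True
    )
    # Exit status 1 means a signature matched, 0 clean; 2 is an error.
    if proc.returncode == 2:
        raise RuntimeError(proc.stderr.strip())
    return parse_clamscan_output(proc.stdout).get(str(path))


if __name__ == "__main__":
    print("hashes of constructed sample:", sample_hashes(SAMPLE_BYTES))
    report = "clamav.net        Found nothing\nfortinet.com      MSIL/Kryptik.DZG!tr\n"
    print("engines detecting:", detecting_engines(report))
    if shutil.which("clamscan"):
        tmp = Path("constructed_sample.js")
        tmp.write_bytes(SAMPLE_BYTES)
        print("clamscan verdict:", clamscan_verdict(tmp))
        tmp.unlink()
```

Run `freshclam` first so the local database includes any signature published since the submission; a clean verdict from an out-of-date database says nothing about whether the sample was added.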