[clamav-users] Perplexing response to malware submission.
vze1amckv at verizon.net
vze1amckv at verizon.net
Thu Aug 5 13:43:59 UTC 2021
In June I manually submitted a suspicious Javascript file and got "Our
initial assessment has verified the sample as a threat & we will be
publishing signatures for ClamAV." But even a month after I submitted,
Jotti still reported that ClamAV didn't detect the file.
So I tried re-submitting it again via the web form but subsequent
submissions of the same file got no response. As of today, Jotti still
says that ClamAV doesn't detect it.
The SHA1 hash of the suspicious file in question is
d2058d5fdd9c4551f7c888d6673a6dbc780b095d. Thank you.
On 8/5/21 3:12 AM, G.W. Haywood via clamav-users wrote:
> Hi there,
>
> We have just received this response to one of our automated submissions:
>
> 8<----------------------------------------------------------------------
> On Thu, 5 Aug 2021, noreply at clamav.com wrote:
>
>> G.W. Haywood,
>>
>> Thank you again for your submission.
>>
>> Your File:
>> da741cdec6a0db5f40b79cbfbe300761450d216159ea83533d754d7de43cf6a3
>> (SHA256:
>> fc1e483dbb60d49205e3d238b3d090e6cc7a49b775bf4e519aba7117ab3a5b43)
>>
>> Our initial assessment shows that this file is possibly clean. If
>> you provided a description that suggests otherwise, we will further
>> examine the sample & proceed from there.
>>
>> -The ClamAV team
> 8<----------------------------------------------------------------------
>
> Here's the result of our check against fifteen scanners, available via
> Jotti's extremely useful service, and which is run before each of the
> submissions made by our system:
>
> 8<----------------------------------------------------------------------
> clamav.net Found nothing
> f-prot.com Found nothing
> k7computing.com Found nothing
> trendmicro.com Found nothing
> fortinet.com MSIL/Kryptik.DZG!tr
> eset.com MSIL/Spy.Agent.AES
> sophos.com Mal/RarMal-C
> anti-virus.by Malware-Cryptor.MSIL.AgentTesla.Heur
> bitdefender.com Trojan.GenericKD.46737949
> escanav.com Trojan.GenericKD.46737949
> gdatasoftware.com Trojan.GenericKD.46737949
> ikarus.at Trojan.Inject
> drweb.com Trojan.PackedNET.964
> f-secure.com Trojan:W32/MaliciousAttachment.F
> avast.com Win32:PWSX-gen
> 8<----------------------------------------------------------------------
>
> This is one of the clearer threat reports, and I'm surprised by the
> initial assessment from the ClamAV team. The report was sent using
> the 'clamsubmit' utility, which does not offer an option to provide
> a description of the malware.
>
> What should I do now?
>
More information about the clamav-users
mailing list