Ged: The submitted sample for SHA256:fc1e483dbb60d49205e3d238b3d090e6cc7a49b775bf4e519aba7117ab3a5b43 did not pass our guardrail checks for eligible conviction and signature creation. I couldn't find a past run on Jotti matching this hash, either.
When submitting this file to the same service, I receive no alerts from any of the endpoint solutions:
https://virusscan.jotti.org/en-US/filescanjob/wh66zum612
We did notice the filename provided was da741cdec6a0db5f40b79cbfbe300761450d216159ea83533d754d7de43cf6a3. Could this be the hash for the sample in question? We will need this particular file to be submitted, as we currently do not have a record of SHA256:da741cdec6a0db5f40b79cbfbe300761450d216159ea83533d754d7de43cf6a3 being submitted in the past. I also couldn't find the sample myself.
vze1amckv: We have a record of SHA1:d2058d5fdd9c4551f7c888d6673a6dbc780b095d, but the submission form on clamav.net is not in the submission list. We will investigate this missing entry. In the interim, I'll create a signature for the sample.
It's also important to keep in mind the complexities involved in handling bulk malware submissions from the community. Guardrails must be present to help prevent FPs on erroneous or intentional clean file submissions. Our team is also exploring new methods and resources to improve the processing of submissions, and we do appreciate the feedback provided by the ClamAV community to assist in these efforts.