> Steve,
>
> The samples I have of that one are being detected by ClamAV standard
> sigs as Trojan.Peed-477. Wonder why you and some others didn't detect
> it with standard sigs?  Could this be a problem?  Do you have samples
> that were undetectable?

Not sure Tom... here's a quick test...

Official only (up-to-date):

Copy_7_of_install.zip: OK
Copy_8_of_DHL_Label_95957.zip: OK
Copy_8_of_install.zip: OK
Copy_9_of_DHL_Label_95957.zip: OK
Copy_9_of_install.zip: OK
DHL_Label_8fb71.zip: OK
DHL_Label_95957.zip: OK
DHL_Label_c60bd.zip: OK
DHL_Label_d606e.zip: OK
DHL_Label_f48bf.zip: OK
install.zip: OK
Postcard.zip: Trojan.Buzus-5795 FOUND
Sent_10-14-09.zip: OK

----------- SCAN SUMMARY -----------
Known viruses: 667501
Engine version: 0.95.2
Scanned directories: 0
Scanned files: 99
Infected files: 1
Data scanned: 8.11 MB
Data read: 3.01 MB (ratio 2.69:1)
Time: 18.265 sec (0 m 18 s)


Sanesecurity sigs:

Copy_7_of_DHL_Label_95957.zip: Sanesecurity.Malware.12698.UNOFFICIAL FOUND
Copy_7_of_install.zip: Sanesecurity.Rogue.736.UNOFFICIAL FOUND
Copy_8_of_DHL_Label_95957.zip: Sanesecurity.Malware.12698.UNOFFICIAL FOUND
Copy_8_of_install.zip: Sanesecurity.Rogue.736.UNOFFICIAL FOUND
Copy_9_of_DHL_Label_95957.zip: Sanesecurity.Malware.12698.UNOFFICIAL FOUND
Copy_9_of_install.zip: Sanesecurity.Rogue.736.UNOFFICIAL FOUND
DHL_Label_8fb71.zip: Sanesecurity.Malware.12698.UNOFFICIAL FOUND
DHL_Label_95957.zip: Sanesecurity.Malware.12698.UNOFFICIAL FOUND
DHL_Label_c60bd.zip: Sanesecurity.Malware.12698.UNOFFICIAL FOUND
DHL_Label_d606e.zip: Sanesecurity.Malware.12698.UNOFFICIAL FOUND
DHL_Label_f48bf.zip: Sanesecurity.Malware.12698.UNOFFICIAL FOUND
install.zip: Sanesecurity.Rogue.736.UNOFFICIAL FOUND
Postcard.zip: Sanesecurity.Malware.11523.UNOFFICIAL FOUND
Sent_10-14-09.zip: OK

----------- SCAN SUMMARY -----------
Known viruses: 264975
Engine version: 0.95.2
Scanned directories: 0
Scanned files: 99
Infected files: 98
Data scanned: 2.76 MB
Data read: 3.01 MB (ratio 0.92:1)
Time: 17.282 sec (0 m 17 s)

A few common md5's:


If I get time later on I'll sort out some samples for you but snowed under
at the min..

Cheers,

Steve
Sanesecurity

