On Jun 24, 2014, at 11:01 AM, Bowie Bailey <bowie_bai...@buc.com<mailto:bowie_bai...@buc.com>> wrote: On 6/24/2014 9:53 AM, Walter Bürger wrote: Hi dear ClamAV team,
I submitted the same file as yesterday to virustotal.com<http://virustotal.com/>: Rechnung_23_14_06_198630274520031_telekom_deutschland_GmbH.exe (MD5 ad690be247dda635781e20887fcac0e7) 30 out of 54 scanners detected a virus (NOD32 named it Win32/Emotet.AA) but ClamAV did not detect it. I am just curious why ClamAV still can't detect it. AFAIK, virustotal only uses the official signatures. Your samples were detected by a Sanesecurity unofficial signature. Correct. Steve, If SaneSecurity wants to push the sig into the official set, you can get in touch with us at any time, which we’ll give you and your team full credit for. -- Joel Esler Open Source Manager Threat Intelligence Team Lead Vulnerability Research Team _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
