----- Original Message -----
From: Shaun Hurley [mailto:[email protected]]
To: [email protected]
Sent: Wed, 21 Oct 2015 07:29:57 -0400
Subject: Re: [clamav-users] Identifying jar virus file
Al,

This is not a false positive. The file is malicious. I am working on making detection signatures for the malware.

Thanks,
Shaun Hurley

On Tue, Oct 20, 2015 at 9:00 PM, Alex <[email protected]> wrote:
> Hi,
>
> On Tue, Oct 20, 2015 at 11:57 AM, Al Varnell <[email protected]> wrote:
> > According to this, Sophos should see it as Troj/JavaBz-ZO:
> > <https://www.virustotal.com/en/file/f97ea502099c1bea8eb36e2f90e94feabf1a79652cd5c0f4384f91f65410aa9f/analysis/> submitted yesterday.
> >
> > Microsoft detects it as Trojan:Java/Adwind.P
> > and Kaspersky calls it Trojan.Java.Adwind.af
>
> Yes, I just submitted it to them and now they have it in their signatures.
>
> I'm just very surprised to see this virus wasn't already being
> detected by both clamav and sophos. It wasn't until the customer
> alerted me that their desktop scanner had caught it that we were made
> aware :-(
>
> Thanks,
> Alex
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

Hi,

As of today it is very difficult for clam to detect viruses. If you are running an email service, it is better to disallow all jar files using the Sane Security foxhole database. Please see my previous post for the Sane Security foxhole_all.cdb to block all such possible virus carrier extensions.

rajesh
