I added detection in winnow_extended_malware.hdb, which is distributed in the sanesecurity feed, the day after the JAR was released. I also searched for the RAT and added signatures for that as well in winnow_malware_links.ndb.
Signatures are identified as winnow.Trojan.GRIZZLY_STEPPE.<identifier>

Tom

> On Jan 4, 2017, at 10:26 AM, Andrew McGrath <[email protected]> wrote:
>
> I'm being asked a question by our security team that I am struggling
> to answer. The question is "Does ClamAV detect Grizzly Steppe?".
>
> I've hunted around the archives, support pages and google, but do not
> see any discussion about this, could anyone comment?
>
> Thank you!
> _______________________________________________
> clamav-users mailing list
> [email protected]
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
