Tom,

It's not that I don't want to use your sigs, but in order to assist ClamXav users I need my setup to match theirs and it currently only uses ClamXav macOS/OS X specific unofficial. There is talk of adding others in the future, but not now.

-Al-

On Wed, Jan 04, 2017 at 02:17 PM, TR Shaw wrote:
>
> Doesn’t detect to RAT
>
> Al, if you don’t want to run my unofficial sigs I would be happy to provide
> them to Joel for incorporation into official db.
>
>> On Jan 4, 2017, at 5:12 PM, Al Varnell <[email protected]> wrote:
>>
>> Can somebody with access to those samples run them against a virgin ClamAV
>> signature database to answer the question? I'd be happy to if there are
>> samples I can access.
>>
>> -Al-
>>
>> On Wed, Jan 04, 2017 at 07:33 AM, TR Shaw wrote:
>>>
>>> I added detection in winnow_extended_malware.hdb which is distributed in
>>> the sanesecurity feed the day after the JAR was released. I also searched
>>> for the RAT and added signatures for that as well in
>>> winnow_malware_links.ndb
>>>
>>> Signatures are identified as winnow.Trojan.GRIZZLY_STEPPE.<identifier>
>>>
>>> Tom
>>>
>>>> On Jan 4, 2017, at 10:26 AM, Andrew McGrath <[email protected]> wrote:
>>>>
>>>> I'm being asked a question by our security team that I am struggling
>>>> to answer. The question is "Does ClamAV detect Grizzly Steppe?".
>>>>
>>>> I've hunted around the archives, support pages and google, but do not
>>>> see any discussion about this, could anyone comment?
>>>>
>>>> Thank you!
_______________________________________________
clamav-users mailing list
[email protected]
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
