Hi guys, just submitted an "ace" archive with a .cmd inside.

# sha1sum PROFORMA\ INVOICE_xls.ace
97757622d5d568b01faa9d662818eebd40b1e0c0 PROFORMA INVOICE_xls.ace

We've now disabled "ace" files (who even knew they existed?)

On Thu, Jul 13, 2017 at 4:36 AM, <ungifte...@gmail.com> wrote:
>
>
> 13.07.2017 05:32, Alex wrote:
>> On Wed, Jul 12, 2017 at 3:02 PM, Alain Zidouemba
>> <azidoue...@sourcefire.com> wrote:
>>> Signature will be going out shortly.
>>
>> It's now detected thanks to the amazing work by Steve from
>> sanesecurity. Also appreciate your help - perhaps his sig just hits
>> first.
>>
>> I've also just submitted another unrelated to investigate.
>>
>> $ sha1sum GOOGLESER.doc
>> d42e71932c866f9822c800fe46cd46bdf1b5e739 GOOGLESER.doc
>
> f4434f22ffc51edf9641140d1b747feeab6b5a6a SCAN50784502102.DOC
>
>>
>>>
>>> On Wed, Jul 12, 2017 at 2:52 PM, Alex <mysqlstud...@gmail.com> wrote:
>>>
>>>> Hi, we've received a word virus that isn't currently being detected by
>>>> any scanners. I've submitted the FN, but would like to see if we can
>>>> get that pushed out as soon as possible.
>>>>
>>>> $ sha1sum Invoice_SKMBT_20170501.doc
>>>> 6cc1dd12fbc79311ebaf59e19e562ff63141f457 Invoice_SKMBT_20170501.doc
>>>>
>>>> It's not currently being found by any scanners:
>>>> https://www.virustotal.com/en/file/5b10fb6d20649c246d970e521e4436d70608bbb8c6d6128245d349c69a76ef10/analysis/
>>>>
>>>> Also, there's some notes in the "comments" section of this post. What
>>>> does it mean? How can I use that to my benefit in the future?
>>>>
>>>> Is there any way a postfix/amavisd/spamassassin/clamav user can
>>>> benefit from this information by blocking based on that signature
>>>> provided?
>>>> _______________________________________________
>>>> clamav-users mailing list
>>>> clamav-users@lists.clamav.net
>>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>>
>>>>
>>>> Help us build a comprehensive ClamAV guide:
>>>> https://github.com/vrtadmin/clamav-faq
>>>>
>>>> http://www.clamav.net/contact.html#ml