You mentioned two attachments. Kaspersky and ClamXAV appear to catch the first one, but neither catch the second one you showed us. The SHA246 for a file is the same no matter what scanner is used.
-Al- On Tue, Nov 14, 2017 at 04:36 AM, Emanuel wrote: > the first scan is with kaspersky online > > > El 14/11/17 a las 09:31, Al Varnell escribió: >> That's not the same file you showed before. The SHA256 is different. >> >> -Al- >> >> On Tue, Nov 14, 2017 at 04:23 AM, Emanuel wrote: >>> Please see >>> >>> https://www.virustotal.com/es-ar/file/323cb1d2f3b9d0678a8e017fedad1da2768c0eb65111937d03c19e0c053b5da4/analysis/1510662252/ >>> >>> <https://www.virustotal.com/es-ar/file/323cb1d2f3b9d0678a8e017fedad1da2768c0eb65111937d03c19e0c053b5da4/analysis/1510662252/> >>> >>> <https://www.virustotal.com/es-ar/file/323cb1d2f3b9d0678a8e017fedad1da2768c0eb65111937d03c19e0c053b5da4/analysis/1510662252/ >>> >>> <https://www.virustotal.com/es-ar/file/323cb1d2f3b9d0678a8e017fedad1da2768c0eb65111937d03c19e0c053b5da4/analysis/1510662252/>> >>> >>> >>> El 14/11/17 a las 09:00, Al Varnell escribió: >>>> According to VirusTotal, ClamAV does detect it as >>>> Doc.Dropper.Agent-6369707-0 >>>> <https://www.virustotal.com/en/file/142a177f214671f7abd22f9e545595bf56a8116763bb7e9de7368aa1b2d381bf/analysis/ >>>> >>>> <https://www.virustotal.com/en/file/142a177f214671f7abd22f9e545595bf56a8116763bb7e9de7368aa1b2d381bf/analysis/> >>>> >>>> <https://www.virustotal.com/en/file/142a177f214671f7abd22f9e545595bf56a8116763bb7e9de7368aa1b2d381bf/analysis/ >>>> >>>> <https://www.virustotal.com/en/file/142a177f214671f7abd22f9e545595bf56a8116763bb7e9de7368aa1b2d381bf/analysis/>>> >>>> >>>> but go ahead and try to submit it anyway. >>>> >>>> -Al- >>>> >>>> On Tue, Nov 14, 2017 at 03:33 AM, Emanuel wrote: >>>>> Hello, >>>>> >>>>> I received two docs files in a email with the Subject "Invoice". The >>>>> attachment is a malware virus, clamav not detected this. >>>>> >>>>> Scan with kaspersky >>>>> >>>>> >>>>> Scan result >>>>> File is infected >>>>> Detected threats >>>>> Trojan-Downloader.MSWord.Agent.bqx >>>>> File size >>>>> 144.95 KB >>>>> File type >>>>> OOXML/DOCUMENT >>>>> Scan date >>>>> Nov 14 2017 08:15:42 >>>>> Databases release date >>>>> Nov 14 2017 10:36:04 UTC >>>>> MD5 >>>>> 70bdc39f8f57e090bebc4616924cdadc >>>>> SHA1 >>>>> ecf414f8523627a0d5d6637041f6e1e3bbcee62e >>>>> SHA256 >>>>> 142a177f214671f7abd22f9e545595bf56a8116763bb7e9de7368aa1b2d381bf >>>>> >>>>> it's possible to add manually this virus to the clamav database? >> >> >> >> _______________________________________________ >> clamav-users mailing list >> [email protected] <mailto:[email protected]> >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >> >> >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> >> http://www.clamav.net/contact.html#ml -Al- -- Al Varnell Mountain View, CA
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ clamav-users mailing list [email protected] http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
