Hi there,

On Mon, 4 Nov 2019, Scott Shannon via clamav-users wrote:
I’m attempting to determine if a specific ransomware, Friedex.d, a variant of Iencrypt, is being scanned for ...
It isn't clear to me if you have a ClamAV installation or not. If you do, you can presumably get a copy of the malware and scan for it. If you don't, and you don't want to, then you could submit a sample to a Website like Jotti's: https://virusscan.jotti.org/ which will scan it using a couple of dozen scanners, ClamAV included.
... with the current definitions.
Please define "the current definitions". :) There are many third-party signatures. Depending on requirements at a particular site, they may or may not be in use at that site. For example, I'm mainly interested in filtering mail for spam. So I use a lot of third party spam signatures but I make little effort to add to ClamAV's 'official' virus database.
I came across an article that basically said to dump the database and search for the name...
But which name? There's no universal naming convention for malware. However, in this case, maybe you're in luck:

$ grep -ia friedex /var/lib/clamav/databases/*
daily.cld:Win.Ransomware.Friedex-6961100-0;Engine:81-255,Target:1;[snip]

Of course there could be a whole family of the little varmints.
... I can’t find anywhere on the website to submit data for a known piece of ransomware ...
My first search:

https://www.bing.com/search?q=clamav+submit+virus

The first hit:

https://www.clamav.net/reports/malware

But it would be as well to check first that it isn't already covered.

--
73,
Ged.
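
Added example, not part of the original message: the grep above finds the name because daily.cld is readable as text, which a gzip-compressed .cvd is not. The sketch below lists matching signature names from .cvd, .cld and loose third-party files alike; the 512-byte header and tar payload layout, the field splitting, and the names db_text, find_sigs and find_sigs.sh are assumptions of this example.

```shell
#!/bin/sh
# Added example: list signature names that contain a keyword, per database file.
# Assumed layout: .cvd/.cld = 512-byte header followed by a tar archive that may
# be gzip-compressed; any other file in the directory is plain-text signatures.

# Print the signature text stored in one database file.
db_text() {
    case "$1" in
        *.cvd|*.cld)
            if tail -c +513 "$1" | gzip -t 2>/dev/null; then
                tail -c +513 "$1" | gzip -dc | tar -xOf -   # compressed payload
            else
                tail -c +513 "$1" | tar -xOf - 2>/dev/null  # plain tar payload
            fi ;;
        *) cat "$1" ;;
    esac
}

# usage: find_sigs DBDIR KEYWORD
# The keyword is matched as a fixed, case-insensitive substring. Fields are split
# on ':' and ';' so the name is found whether it is the first field (.ndb, .ldb)
# or the last (hash:size:name in .hdb/.hsb).
find_sigs() {
    for db in "$1"/*; do
        [ -f "$db" ] || continue
        db_text "$db" | LC_ALL=C awk -F'[:;]' -v kw="$2" -v f="${db##*/}" '
            BEGIN { kw = tolower(kw) }
            { for (i = 1; i <= NF; i++)
                  if (index(tolower($i), kw)) { print f ":" $i; break } }'
    done | sort -u
}

# Run directly as: sh find_sigs.sh /var/lib/clamav/databases friedex
if [ "$#" -ge 2 ]; then find_sigs "$1" "$2"; fi
```

Where ClamAV's own tools are installed, sigtool --find-sigs performs a comparable lookup against the local database directory.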
