Hi,
Excellent... except for one potential problem... this is in their
"foxhole_all.cdb" file which they label as "high false positive risk"
- which could scare some away!
For those who don't score very high on ClamAV and/or who are able to
score DIFFERENTLY based on different types of Sanese
On 03/27/2018 09:37 AM, Rob McEwen wrote:
On 3/27/2018 9:48 AM, David Jones wrote:
Looks like ClamAV UNOFFICIAL sigs are detecting this:
Clamd: message was infected: Sanesecurity.Foxhole.Zip_url.UNOFFICIAL
David,
Excellent... except for one potential problem... this is in their
"foxhole_al
On 3/27/2018 9:48 AM, David Jones wrote:
Looks like ClamAV UNOFFICIAL sigs are detecting this:
Clamd: message was infected: Sanesecurity.Foxhole.Zip_url.UNOFFICIAL
David,
Excellent... except for one potential problem... this is in their
"foxhole_all.cdb" file which they label as "high false
On 03/27/2018 08:24 AM, Pedro David Marco wrote:
Thanks Rob, can you pastebin a sample??
PedroD
Looks like ClamAV UNOFFICIAL sigs are detecting this:
Clamd: message was infected: Sanesecurity.Foxhole.Zip_url.UNOFFICIAL
Clamd: Purchase Order_4014053_27032018.zip was infected:
Sanesecur
Thanks Rob, can you pastebin a sample??
PedroD
Today, MANY sneaky spams are being sent with an attached zipped
malicious URL/shortcut file.
Most or all of these are easily caught by Thread-Index, as follows:
Thread-Index: AdBx5/5UsdSTxflQTPi+FyODmVaqhA==
Perhaps someone can make a rule for this and post it here?
I already set this in anot