Re: [clamav-users] Virus definition question

2018-03-06 Thread Al Varnell
I have no idea what the verification process might be, if it even exists.

According to VirusTotal's Relationships Information on this file, "While 
monitoring an end-user machine in-the-wild, CarbonBlack noticed the following 
files in execution wrote this sample to disk." so my guess would be that ClamAV 
picked this up from VirusTotal. What little I know about CarbonBlack is that it 
tends to identify anything it doesn't know about as suspicious.

If you have information that indicates it's a legitimate file and where it came 
from, then you should both upload it to  with an 
explanation as well as post that information back here.

-Al-


On Tue, Mar 06, 2018 at 09:23 PM, Lindon Ng wrote:
> 
> Hello,
> 
> 
> I would like to ask on how the virus definitions are actually verified?
> 
> As a malware that I am looking at seems to be only detectable by ClamAV and 
> not other anti viruses on virustotal. Is this likely to be a false positive 
> or is it possible to ask why this malware is being flagged out only by ClamAV?
> 
> 
> The signature definition is: 
> aa9ee67ebff4e0e4d3153d7f8c0cb3c2:995383:Win.Trojan.Agent-5604219-0:73. It was 
> released on 16 Jan 2017.
> 
> 
> Thank you.
> 
> 
> Cheers,
> Lindon Ng


___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


[clamav-users] Virus definition question

2018-03-06 Thread Lindon Ng
Hello,


I would like to ask on how the virus definitions are actually verified?

As a malware that I am looking at seems to be only detectable by ClamAV and not 
other anti viruses on virustotal. Is this likely to be a false positive or is 
it possible to ask why this malware is being flagged out only by ClamAV?


The signature definition is: 
aa9ee67ebff4e0e4d3153d7f8c0cb3c2:995383:Win.Trojan.Agent-5604219-0:73. It was 
released on 16 Jan 2017.


Thank you.


Cheers,
Lindon Ng
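
The definition quoted in this thread has the shape of a ClamAV hash-based signature (hash, file size, name, optional minimum functionality level), which matches one exact file rather than a pattern. The sketch below is an added example, not part of the original posts or of ClamAV itself; it parses such a line and checks a byte string against it. The function names and the sample bytes are hypothetical.

```python
import hashlib
from typing import NamedTuple, Optional

# The signature line exactly as quoted in the thread.
PAGE_SIG = "aa9ee67ebff4e0e4d3153d7f8c0cb3c2:995383:Win.Trojan.Agent-5604219-0:73"

# Hex digest length -> hash algorithm used by hash-based signatures.
_ALGO_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}


class HashSig(NamedTuple):
    digest: str                # lowercase hex digest
    size: Optional[int]        # None when the size field is the wildcard "*"
    name: str                  # detection name reported on a match
    min_flevel: Optional[int]  # optional minimum functionality level


def parse_hash_sig(line: str) -> HashSig:
    """Parse 'HashString:FileSize:MalwareName[:MinFL]' into its fields."""
    parts = line.strip().split(":")
    if len(parts) not in (3, 4):
        raise ValueError("expected 3 or 4 colon-separated fields")
    digest = parts[0].lower()
    if len(digest) not in _ALGO_BY_LEN or set(digest) - set("0123456789abcdef"):
        raise ValueError("hash field is not an MD5/SHA1/SHA256 hex digest")
    size = None if parts[1] == "*" else int(parts[1])
    min_flevel = int(parts[3]) if len(parts) == 4 else None
    return HashSig(digest, size, parts[2], min_flevel)


def matches(sig: HashSig, data: bytes) -> bool:
    """True only if the size (when given) and the digest both match exactly."""
    if sig.size is not None and sig.size != len(data):
        return False
    algo = _ALGO_BY_LEN[len(sig.digest)]
    return hashlib.new(algo, data).hexdigest() == sig.digest


if __name__ == "__main__":
    sig = parse_hash_sig(PAGE_SIG)
    print(sig.name, "size:", sig.size, "min flevel:", sig.min_flevel)

    # Constructed sample bytes (not a real file) and a signature built from them.
    sample = b"constructed sample file contents"
    own = parse_hash_sig(f"{hashlib.md5(sample).hexdigest()}:{len(sample)}:Example.Sig-0")
    print("exact bytes match:   ", matches(own, sample))
    print("one byte appended:   ", matches(own, sample + b"\x00"))
```

Because the match is on a digest of the whole file, comparing a local copy's size and hash against the signature fields shows whether a detection refers to that exact file.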