I have checked VirusTotal and none of the 23 samples submitted yesterday were
detected at the time of submission by ClamAV. I'd estimate that an average of
20 of 55 scanners did detect them as infected. On the basis of that I would
have to guess that ClamAV signatures will not detect Grizzly Ste
I have offered sigs to ClamAV official but have heard nothing back yet.
> On Jan 4, 2017, at 6:52 PM, Eric Tykwinski wrote:
>
> This was my concern about Cisco’s AMP product on ASA’s and NGIPS’s. I’m
> going to be beta testing stuff out shortly, but don’t have high hopes besides
> the Snort r
This was my concern about Cisco’s AMP product on ASA’s and NGIPS’s. I’m going
to be beta testing stuff out shortly, but don’t have high hopes besides the
Snort rules.
Sincerely,
Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
> On Jan 4, 2017, at 6:23 PM, Reindl Harald wrote:
>
>
>
> Am 04.0
On 04.01.2017 at 23:12, Al Varnell wrote:
> Can somebody with access to those samples run them against a virgin ClamAV
> signature database to answer the question? I'd be happy to if there are
> samples I can access.
official, virgin signatures don't and probably will never recognize
recent ma
Tom,
It's not that I don't want to use your sigs, but in order to assist ClamXav
users I need my setup to match theirs and it currently only uses ClamXav
macOS/OS X specific unofficial. There is talk of adding others in the future,
but not now.
-Al-
On Wed, Jan 04, 2017 at 02:17 PM, TR Shaw w
Doesn’t detect to RAT
Al, if you don’t want to run my unofficial sigs I would be happy to provide
them to Joel for incorporation into official db.
> On Jan 4, 2017, at 5:12 PM, Al Varnell wrote:
>
> Can somebody with access to those samples run them against a virgin ClamAV
> signature datab
Can somebody with access to those samples run them against a virgin ClamAV
signature database to answer the question? I'd be happy to if there are
samples I can access.
-Al-
On Wed, Jan 04, 2017 at 07:33 AM, TR Shaw wrote:
>
> I added detection in winnow_extended_malware.hdb which is distribu
I added detection in winnow_extended_malware.hdb which is distributed in the
sanesecurity feed the day after the JAR was released. I also searched for the
RAT and added signatures for that as well in winnow_malware_links.ndb.
Signatures are identified as winnow.Trojan.GRIZZLY_STEPPE.
Tom
> On
* Andrew McGrath :
> I'm being asked a question by our security team that I am struggling
> to answer. The question is "Does ClamAV detect Grizzly Steppe?".
>
> I've hunted around the archives, support pages and google, but do not
> see any discussion about this, could anyone comment?
They probab
I'm being asked a question by our security team that I am struggling
to answer. The question is "Does ClamAV detect Grizzly Steppe?".
I've hunted around the archives, support pages and google, but do not
see any discussion about this, could anyone comment?
Thank you!