Re: [clamav-users] How to find string for a signature?

2017-10-21 Thread Eric Tykwinski
Kees,
> $ clamscan --detect-pua us-cert-message
> us-cert-message: PUA.Win.Trojan.Xored-1 FOUND
>
> --- SCAN SUMMARY ---
> Known viruses: 6525318
> Engine version: 0.99
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 0.16 MB
> Data read: 0.10 MB (ra

Re: [clamav-users] How to find string for a signature?

2017-10-21 Thread Kees Theunissen
On Sat, 21 Oct 2017, Eric Tykwinski wrote:
>clamscan TA17-293A_\ Advanced\ Persistent\ Threat\ Activity\ Targeting\
>Energy\ and\ Other\ Critical\ Infrastructure\ Sectors.eml
>TA17-293A_ Advanced Persistent Threat Activity Targeting Energy and Other
>Critical Infrastructure Sectors.eml: OK
>
>--

Re: [clamav-users] How to find string for a signature?

2017-10-21 Thread Eric Tykwinski
Kristen,
>
> Thanks Al. I went ahead and injected this quarantined message for
> delivery as it is a big HTML email that can be difficult to read from a
> BASH shell. It appears they are showing samples of code from some
> Windows exploit, or something. I didn't review it that long. I bet the
> s