Recently been collecting a lot of various malware through the use of a 
couple of new honeypots. I've been trying to submit via the webform, but 
I've never seen any confirmation that they were accepted or rejected through 
monitoring of the clamav-virusdb list. Basically I just want to know if I 
should continue to attempt to send my collected files which are not matched 
by ClamAV to the website...

Here comes the long part... Just to give you an idea of the number of files 
we're talking about, here is output from a quick script that uses three 
scanners to double-check ClamAV's results:

[clamscan is running with --detect-broken]

Starting ClamAV (ClamAV 0.86.2/1079/Mon Sep 12 05:23:50 2005) Scan of 481 
files... Be Patient...

Done with ClamAV Scan... 80 piece(s) of remaining unknown malware.
ClamAV took 13 wallclock secs ( 0.00 usr 0.00 sys + 11.43 cusr 0.49 csys = 
11.92 CPU)

Starting AntiVir (vdf version: 6.31.1.229) Scan... Be Patient...

Done with AntiVir Scan... 10 piece(s) of remaining unknown malware.
AntiVir took 66 wallclock secs ( 0.03 usr 0.09 sys + 60.87 cusr 4.48 csys = 
65.47 CPU)

Starting F-Prot (SIGN2.DEF created 9 September 2005) Scan on 10 remaining 
file(s)... Be Patient...

56d7dec132bb075060505df9cb761a45 contains W32/Sdbot.LXX
9ee1c7220f6a45a129953f302c67fb86 contains W32/Sdbot.LXE
Done with F-Prot Scan... 8 piece(s) of remaining unknown malware.
F-Prot took 11 wallclock secs ( 0.00 usr 0.01 sys + 10.82 cusr 0.56 csys = 
11.39 CPU)

Starting BitDefender Scan on 8 remaining file(s)... Be Patient...

217ec9bddf12c2abcffee68f9cb9cff6 contains GenPack:Backdoor.SDBot.4D59CDA7
902ba0dfe2080c88a5ab1e9b96c4d106 contains BehavesLike:Win32.IRC-Backdoor
Done with BitDefender Scan...6 piece(s) of remaining unknown malware.
BitDefender took 15 wallclock secs ( 0.00 usr 0.00 sys + 14.20 cusr 1.02csys = 
15.22 CPU)

Deleting HTML file... 3b4da0e48cb6a328419bbe14748585ab
Deleting HTML file... 411a4824b53ebe3e5d2326f3b29bb05a
Deleting HTML file... 91e3624eab8105af296b5eb976bcbb09
Deleting HTML file... ade7c229a9ea032083ab699b848d6d44

The following 2 remaining file(s) probably deserve further inspection: 
/opt/nepenthes/var/binaries/e1a578cb04dd07342e19e51a24df9e36: PE executable 
for MS Windows (GUI) Intel 80386 32-bit
/opt/nepenthes/var/binaries/fd8083ed952f54868fb1c06c8717a97d: PE executable 
for MS Windows (GUI) Intel 80386 32-bit

Total Run Time: 105 wallclock secs ( 0.03 usr 0.10 sys + 97.32 cusr 6.55csys = 
104.00 CPU)

Was I submitting incorrectly? Lost in the shuffle? Ignored due to submitting 
unwanted files?

Can't remember who I uploaded the files as via the form, but all the md5 sum 
filenames would be the same in any case. Appreciate any light that can be 
shed, suggestions, etc...
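
The poster's script is not shown. As an added example (not part of the original post), here is a sketch of the cascade its output implies: each engine sees only the files the earlier ones missed, and the leftovers are file-typed before anything is submitted. The scanner callables, paths, signature names and sample bytes are constructed for illustration; only the `<path>: <Signature> FOUND` line format is clamscan's own.

```python
import re
import struct

# clamscan prints "<path>: <Signature> FOUND" for a hit and "<path>: OK" otherwise.
CLAM_LINE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

def parse_clamscan(output):
    """Return {path: signature} for every FOUND line in clamscan output."""
    hits = {}
    for line in output.splitlines():
        m = CLAM_LINE.match(line.strip())
        if m:
            hits[m.group("path")] = m.group("sig")
    return hits

def cascade(paths, scanners):
    """Run (name, scan_fn) pairs in order; each sees only what earlier ones missed."""
    remaining, detections = sorted(paths), {}
    for name, scan in scanners:
        hits = scan(remaining)
        for path in remaining:
            if path in hits:
                detections[path] = (name, hits[path])
        remaining = [p for p in remaining if p not in hits]
    return detections, remaining

def classify(data):
    """Rough file typing for leftovers: 'pe', 'html' or 'other'."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of PE header
        if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            return "pe"
    head = data[:256].lstrip().lower()
    if head.startswith((b"<!doctype html", b"<html")):
        return "html"
    return "other"

# Constructed sample data (not taken from the post): a minimal PE stub and an HTML page.
PE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
FILES = {"/samples/a": PE, "/samples/b": PE,
         "/samples/c": b"<html><body>404</body></html>", "/samples/d": PE}
CLAM_OUTPUT = "/samples/a: Worm.Example.A FOUND\n/samples/b: OK\n/samples/c: OK\n"
SCANNERS = [  # stand-ins for real engine wrappers
    ("clamav", lambda paths: parse_clamscan(CLAM_OUTPUT)),
    ("second-engine", lambda paths: {p: "Example/Bot.B" for p in paths if p == "/samples/b"}),
]

def triage(files, scanners):
    detections, remaining = cascade(files, scanners)
    return detections, {p: classify(files[p]) for p in remaining}
```

Files that no engine flags and that type as `pe` are the candidates worth submitting; `html` leftovers are typically error pages captured by the honeypot rather than malware.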