Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Richard Chapman
I am interested in Tom's list of unofficial signatures - but haven't found the recommended way to use the signatures. Do I need to download them periodically - or do I just add an additional freshclam DataBaseMirror directive. In either case - exactly what is the url to download from - or to

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Steve Basford
I am interested in Tom's list of unofficial signatures - but haven't found the recommended way to use the signatures. Do I need to download them periodically - or do I just add an additional freshclam DataBaseMirror directive. In either case - exactly what is the url to download from - or to

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Tom Shaw
At 10:18 AM +0100 10/15/09, Steve Basford wrote: I am interested in Tom's list of unofficial signatures - but haven't found the recommended way to use the signatures. Do I need to download them periodically - or do I just add an additional freshclam DataBaseMirror directive. In either case

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Jari Fredriksson
15.10.2009 14:55, Tom Shaw wrote: The samples I have of that one are being detected by ClamAV standard sigs as Trojan.Peed-477. Wonder why you and some others didn't detect it with standard sigs? Could this be a problem? Do you have samples that were undetectable? Tom Undetected

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Steve Basford
Steve, The samples I have of that one are being detected by ClamAV standard sigs as Trojan.Peed-477. Wonder why you and some others didn't detect it with standard sigs? Could this be a problem? Do you have samples that were undetectable? Not sure Tom... here's a quick test... Official

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Steve Basford
Undetected Outlook Express malware: h t t p :/ / www.iki.fi/jarif/malware/install.zip That's one of 'em: Sanesecurity.Rogue.736.UNOFFICIAL Cheers, Steve Sanesecurity

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Jari Fredriksson
Undetected IRS scam variant. http://www.iki.fi/jarif/malware/tax-statement.exe -- http://www.iki.fi/jarif/ A classic is something that everyone wants to have read and nobody wants to read. -- Mark Twain, The Disappearance of Literature

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Tom Shaw
At 1:23 PM +0100 10/15/09, Steve Basford wrote: Undetected Outlook Express malware: h t t p :/ / www.iki.fi/jarif/malware/install.zip That's one of 'em: Sanesecurity.Rogue.736.UNOFFICIAL Well that one didn't get detected by standard ClamAV. Must be running multiple payloads That one

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Tom Shaw
At 3:14 PM +0300 10/15/09, Jari Fredriksson wrote: 15.10.2009 14:55, Tom Shaw wrote: The samples I have of that one are being

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Tom Shaw
At 4:30 PM +0300 10/15/09, Jari Fredriksson wrote: Undetected IRS scam variant. http://www.iki.fi/jarif/malware/tax-statement.exe --

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Jari Fredriksson
15.10.2009 16:47, Tom Shaw wrote: At 4:30 PM +0300 10/15/09, Jari Fredriksson wrote: Undetected IRS scam variant.

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Tom Shaw
At 1:23 PM +0100 10/15/09, Steve Basford wrote: Undetected Outlook Express malware: h t t p :/ / www.iki.fi/jarif/malware/install.zip That's one of 'em: Sanesecurity.Rogue.736.UNOFFICIAL FYI Official ClamAV sigs now detect as Trojan.Inject-2443 I just noticed that my

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Jari Fredriksson
Does ClamAV somehow dedicate to email format (base64) or how is it possible that it does not recognise this http://www.iki.fi/jarif/malware/FILE_UPS_c380a16.zip That's a UPS fraud, W32/Bredolab.D.gen!Eldorado by F-Prot. -- http://www.iki.fi/jarif/ An exotic journey in downtown Newark is in

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Jari Fredriksson
15.10.2009 17:24, Jari Fredriksson wrote: Does ClamAV somehow dedicate to email format (base64) or how is it possible that it does not recognise this http://www.iki.fi/jarif/malware/FILE_UPS_c380a16.zip That's a UPS fraud, W32/Bredolab.D.gen!Eldorado by F-Prot. Uh. The point was

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Tom Shaw
At 5:24 PM +0300 10/15/09, Jari Fredriksson wrote: Does ClamAV somehow dedicate to email format (base64) or how is it possible that it

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Dennis Peterson
Richard Chapman wrote: I am interested in Tom's list of unofficial signatures - but haven't found the recommended way to use the signatures. Do I need to download them periodically - or do I just add an additional freshclam DataBaseMirror directive. In either case - exactly what is the url to