Re: [clamav-users] Not detecting valid malicious file if the zip file contains corrupted zip file

2019-02-01 Thread Micah Snyder (micasnyd) 
Vijay,

The sample you linked on gdrive is now detected by gdrive and can't be 
downloaded (gdrive blocks it).

If you believe that it is actually a scanning issue in ClamAV, please do submit 
the ticket for us to investigate.
If you need to share live samples, be certain to warn people that it is 
malicious, and then package it in an encrypted archive with a password so it 
isn't blocked.

Regards,
-Micah

On Jan 31, 2019, at 6:39 AM, Vijayakumar U 
mailto:vj1...@gmail.com>> wrote:

Do I need to raise this issue or is it taken care of already?

On Thu, 10 Jan 2019 at 21:12, Benny Pedersen 
mailto:m...@junc.eu>> wrote:
Vijayakumar U skrev den 2019-01-10 15:42:

> When a malicious file is inside zip file and if zip file contains some
> other corrupted zip file, the malicious file is not filtered as virus.

+1

please start using foxhole 3dr party signatures to stop this malwares
with double packed archives

> Sample link - ZXW2.6-Blackfish2.0.zip -
> https://drive.google.com/drive/folders/129LvUWJNnp_P-qzXIxA5nqlyS0lnraQB

ZXW2.6.exe is undetected on gdrive, so it can be downloaded, on
virustotal.com its detected on 18 out of 68 scanners :)

i have sent this file to http://www.clamav.net/reports/malware as a
false negative

thanks for reporting and using clamav
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


--
Cheers,
Vijay.
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Not detecting valid malicious file if the zip file contains corrupted zip file

2019-01-31 Thread Benny Pedersen 

Vijayakumar U skrev den 2019-01-31 12:39:

Do I need to raise this issue or is it taken care of already?


what issue ?
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Not detecting valid malicious file if the zip file contains corrupted zip file

2019-01-31 Thread Vijayakumar U 
Do I need to raise this issue or is it taken care of already?

On Thu, 10 Jan 2019 at 21:12, Benny Pedersen  wrote:

> Vijayakumar U skrev den 2019-01-10 15:42:
>
> > When a malicious file is inside zip file and if zip file contains some
> > other corrupted zip file, the malicious file is not filtered as virus.
>
> +1
>
> please start using foxhole 3dr party signatures to stop this malwares
> with double packed archives
>
> > Sample link - ZXW2.6-Blackfish2.0.zip -
> > https://drive.google.com/drive/folders/129LvUWJNnp_P-qzXIxA5nqlyS0lnraQB
>
> ZXW2.6.exe is undetected on gdrive, so it can be downloaded, on
> virustotal.com its detected on 18 out of 68 scanners :)
>
> i have sent this file to http://www.clamav.net/reports/malware as a
> false negative
>
> thanks for reporting and using clamav
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>


-- 
Cheers,
Vijay.
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Not detecting valid malicious file if the zip file contains corrupted zip file

2019-01-10 Thread Benny Pedersen 

Vijayakumar U skrev den 2019-01-10 15:42:


When a malicious file is inside zip file and if zip file contains some
other corrupted zip file, the malicious file is not filtered as virus.


+1

please start using foxhole 3dr party signatures to stop this malwares 
with double packed archives



Sample link - ZXW2.6-Blackfish2.0.zip -
https://drive.google.com/drive/folders/129LvUWJNnp_P-qzXIxA5nqlyS0lnraQB


ZXW2.6.exe is undetected on gdrive, so it can be downloaded, on 
virustotal.com its detected on 18 out of 68 scanners :)


i have sent this file to http://www.clamav.net/reports/malware as a 
false negative


thanks for reporting and using clamav
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] Not detecting valid malicious file if the zip file contains corrupted zip file

2019-01-10 Thread Vijayakumar U 
Dear ClamAV Team,

When a malicious file is inside zip file and if zip file contains some
other corrupted zip file, the malicious file is not filtered as virus.

Sample link - ZXW2.6-Blackfish2.0.zip -
https://drive.google.com/drive/folders/129LvUWJNnp_P-qzXIxA5nqlyS0lnraQB

Kindly look into this issue.

Thanks and regards,
Vijay.
-- 
Sent from Gmal for iPad
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml