Steve Basford wrote:
> On Mon, June 23, 2014 4:47 pm, Walter Bürger wrote:
> > This morning I submitted the file
> > Rechnung_23_14_06_198630274520031_telekom_deutschland_GmbH.exe
> > (MD5 ad690be247dda635781e20887fcac0e7) on virustotal.com.
> > 4 out of 54 scanners detected a virus (NOD32 named it
> > Win32/Kryptik.CFAE) but ClamAV did not detect it.
>
> Hi Walter,
>
> This was added to phish.ndb:
>
> Sanesecurity.Malware.23787.ZipHeur
> Added: 23 Jun 2014 09:32:40 UT
>
> Cheers,
>
> Steve
> Sanesecurity.com
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml
Thank you Steve,

I have been using the Sanesecurity signatures for a long time, but at the time I wrote my post to the list, I ran clamdscan only on the exe file. If I run clamdscan on both the zip and the exe file, the malware in the zip file is detected:
clamdscan /tmp/bann/*
/tmp/bann/2014_06rechnung_12553625576148_sign.zip: Sanesecurity.Malware.23787.ZipHeur.UNOFFICIAL FOUND
/tmp/bann/Rechnung_23_14_06_198630274520031_telekom_deutschland_GmbH.exe: OK

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.137 sec (0 m 0 s)

Best regards,
Walter.
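The scan result above turns on a third-party signature matching the zip container while the extracted exe scans clean. As an added example (not part of the original thread and not ClamAV's own tooling), this parser turns clamdscan output into per-file records and separates hits that come from unofficial databases; the function names and the embedded sample are assumptions made for illustration.

```python
import re

# Constructed sample: the clamdscan output quoted in the message above.
SAMPLE = """\
/tmp/bann/2014_06rechnung_12553625576148_sign.zip: Sanesecurity.Malware.23787.ZipHeur.UNOFFICIAL FOUND
/tmp/bann/Rechnung_23_14_06_198630274520031_telekom_deutschland_GmbH.exe: OK

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.137 sec (0 m 0 s)
"""

# One result line is "<path>: OK" or "<path>: <signature> FOUND".
RESULT = re.compile(r"^(?P<path>.+): (?:(?P<sig>\S+) FOUND|OK)$")
SUFFIX = ".UNOFFICIAL"  # appended by ClamAV to names from non-official databases


def parse_scan(output):
    """Return one dict per scanned file, ignoring the summary block."""
    results = []
    for line in output.splitlines():
        if line.startswith("-----------"):
            break  # everything after this is the scan summary
        m = RESULT.match(line.strip())
        if not m:
            continue  # blank lines, ERROR lines, anything unrecognised
        sig = m.group("sig")
        third_party = bool(sig) and sig.endswith(SUFFIX)
        results.append({
            "path": m.group("path"),
            "infected": sig is not None,
            "signature": sig[:-len(SUFFIX)] if third_party else sig,
            "third_party": third_party,
        })
    return results


def third_party_only_hits(results):
    """Paths whose detection depends on an unofficial signature database."""
    return [r["path"] for r in results if r["infected"] and r["third_party"]]


def clean_paths(results):
    """Paths reported OK, e.g. an extracted payload scanned on its own."""
    return [r["path"] for r in results if not r["infected"]]
```
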